Upgrading OpenSSH on CentOS 5

If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 4.5 or higher – a version that is not currently available in the CentOS 5 repositories. A Yum update isn’t going to help you much there.

You can, however, easily compile your own RPM and manually upgrade OpenSSH. The commands below are the ones I used to install version 5.8 (the latest stable at the time of this post), but can essentially be used for any compatible version.
First, download the OpenSSH source tarball from the vendor and unpack it. You can find the tarballs at http://www.openssh.com/portable.html

wget http://mirror.esc7.net/pub/OpenBSD/OpenSSH/portable/openssh-5.8p1.tar.gz
tar -xvzf openssh-5.8p1.tar.gz

Copy the spec file and tarball:

cp ./openssh-5.8p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/

Do a little magic:

cd /usr/src/redhat/SPECS
perl -i.bak -pe ‘s/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/’ openssh.spec

…and build your RPM:

rpmbuild -bb openssh.spec

Now if you go back into /usr/src/redhat/RPMS/<arch> , you should see three RPMs. Go ahead and install them:

rpm -Uvh *.rpm

To verify the installed version, just type ‘ssh -v localhost’ and you should see the banner come up, indicating the new version.