Skip to Content

Upgrade OpenSSH

How to upgrade OpenSSH version in RHEL, Rocky Linux and AlmaLinux?

Overview: This article will help Linux user to upgrade the OpenSSH version on RHEL-based operating systems.



Step 1: Install development tools and dependencies.

root@gateway:~# yum groupinstall "Development Tools" -y

root@gateway:~# yum install gcc -y

Step 2: Make sure to backup SSH configurations before upgrading.

root@gateway:~# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Step 3: Check the currently supported key types and algorithms before upgrading.

root@gateway:~# sshd -T | grep -i ’key\|algorithms’

root@gateway:~# sshd -T | grep -i ’key\|algorithms’ > ./sshd.backup

Step 4: Download the latest OpenSSH version tar.gz file.

Run below command to download OpenSSH version 9.9 

root@gateway:~# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p2.tar.gz

Step 5: Follow the steps below to extract and install the latest OpenSSH.

root@gateway:~# tar -xvzf openssh-10.0p1.tar.gz

root@gateway:~# cd openssh-10.0p1

#The configuration installs the new binaries under /usr/local/openssh-10.0 while keeping the configuration files in /etc/ssh, allowing both the old and new versions to coexist.

root@gateway:~# ./configure --prefix=/usr/local/openssh-10.0 --sysconfdir=/etc/ssh

root@gateway:~# make

root@gateway:~# make install

Note:
After running the above commands, both versions of OpenSSH are installed on the system:

root@gateway:~# /usr/bin/ssh -V
OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024

root@gateway:~# /usr/local/openssh-10.0/bin/ssh -V
OpenSSH_10.0p2, OpenSSL 3.2.2 4 Jun 2024

Step 6: Replace old SSH binary safely.

Step 6(A): Backup the existing OpenSSH 8.7 binary for safe rollback:

root@gateway:~# cp /usr/bin/ssh /usr/bin/ssh_copy

Step 6(B): Copy the new SSH binary into /usr/bin/ssh:

root@gateway:~# cp /usr/local/openssh-10.0/bin/ssh /usr/bin/ssh

Step 7: Check the version after completing the above steps.

root@gateway:~# ssh -V

OpenSSH_10.0p2, OpenSSL 3.2.2 4 Jun 2024

Note: 
After verifying the SSH version, keep the current session open and try logging in from a new session to confirm that SSH is working properly.

Step 8: Check the supported key types and algorithms after upgrading.

root@gateway:~# sshd -T | grep -i ’key\|algorithms’

Note:
If something goes wrong after upgrading, you can revert to OpenSSH 8.7 by restoring the backup binary:

root@gateway:~# cp /usr/bin/ssh_copy /usr/bin/ssh

This will revert back to the older version.

root@gateway:~# ssh -V
OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024


Related Articles:

How to upgrade OpenSSH in Centos ?

signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms

signature algorithm ssh-dss not in PubkeyAcceptedAlgorithms

DSA key based authentication is not working