Upgrade OpenSSH
How to upgrade OpenSSH version in RHEL, Rocky Linux and AlmaLinux?
Overview: This article helps Linux users upgrade the OpenSSH version on RHEL-based operating systems.
Step 1: Install development tools and dependencies.
root@gateway:~# yum groupinstall "Development Tools" -y
root@gateway:~# yum install gcc -y
Step 2: Make sure to back up the SSH configuration before upgrading.
root@gateway:~# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
Step 3: Check the currently supported key types and algorithms before upgrading.
root@gateway:~# sshd -T | grep -i 'key\|algorithms'
root@gateway:~# sshd -T | grep -i 'key\|algorithms' > ./sshd.backup
Step 4: Download the latest OpenSSH version tar.gz file.
root@gateway:~# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.0p1.tar.gz
Run the command below to download OpenSSH version 9.9:
root@gateway:~# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p2.tar.gz
Step 5: Follow the steps below to extract and install the latest OpenSSH.
root@gateway:~# tar -xvzf openssh-10.0p1.tar.gz
root@gateway:~# cd openssh-10.0p1
# These configure options install the new binaries under /usr/local/openssh-10.0 while keeping the configuration files in /etc/ssh, allowing both the old and new versions to coexist.
root@gateway:~# ./configure --prefix=/usr/local/openssh-10.0 --sysconfdir=/etc/ssh
root@gateway:~# make
root@gateway:~# make install
Note:
After running the above commands, both versions of OpenSSH are installed on the system:
root@gateway:~# /usr/bin/ssh -V
OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024
root@gateway:~# /usr/local/openssh-10.0/bin/ssh -V
OpenSSH_10.0p2, OpenSSL 3.2.2 4 Jun 2024
Step 6: Replace old SSH binary safely.
Step 6(A): Back up the existing OpenSSH 8.7 binary for safe rollback:
root@gateway:~# cp /usr/bin/ssh /usr/bin/ssh_copy
Step 6(B): Copy the new SSH binary into /usr/bin/ssh:
root@gateway:~# cp /usr/local/openssh-10.0/bin/ssh /usr/bin/ssh
Step 7: Check the version after completing the above steps.
root@gateway:~# ssh -V
OpenSSH_10.0p2, OpenSSL 3.2.2 4 Jun 2024
Note:
After verifying the SSH version, keep the current session open and try logging in from a new session to confirm that SSH is working properly.
Step 8: Check the supported key types and algorithms after upgrading.
root@gateway:~# sshd -T | grep -i 'key\|algorithms'
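Steps 3 and 8 capture the same sshd -T view before and after the upgrade. The script below is an added example, not part of the original article: it compares two such snapshots and lists every algorithm or key setting that disappeared or appeared. The sample snapshots are constructed for illustration and the file name ./sshd.after is an assumption.

```shell
#!/bin/sh
# Added example: list what changed between two sshd -T snapshots.
#   "- keyword value"  present before the upgrade, missing after it
#   "+ keyword value"  present only after the upgrade
sshd_algo_diff() {
    # $1 = snapshot saved before the upgrade, $2 = snapshot taken after it
    awk '
        {
            # Each line is "keyword value[,value...]"; record every item.
            side = (FILENAME == ARGV[1]) ? "before" : "after"
            key = tolower($1)
            for (f = 2; f <= NF; f++) {
                n = split($f, items, ",")
                for (i = 1; i <= n; i++) seen[side, key " " items[i]] = 1
            }
        }
        END {
            for (k in seen) {
                split(k, part, SUBSEP)
                if (part[1] == "before" && !(("after", part[2]) in seen)) print "- " part[2]
                if (part[1] == "after" && !(("before", part[2]) in seen)) print "+ " part[2]
            }
        }
    ' "$1" "$2" | LC_ALL=C sort -k2,2 -k1,1r -k3,3
}

# Constructed sample snapshots (illustrative, not the real defaults of any version).
sshd_algo_diff_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
hostkey /etc/ssh/ssh_host_ed25519_key
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
EOF
    cat > "$tmp/after" <<'EOF'
hostkey /etc/ssh/ssh_host_ed25519_key
kexalgorithms mlkem768x25519-sha256,curve25519-sha256
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512
EOF
    sshd_algo_diff "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

sshd_algo_diff_demo
# Real use (./sshd.after is an assumed file name):
#   sshd -T | grep -i 'key\|algorithms' > ./sshd.after
#   sshd_algo_diff ./sshd.backup ./sshd.after
```

Step 6 copies only the ssh client binary, so sshd on the PATH is still the distribution's server. To snapshot the newly built server, run it by its full path under the Step 5 prefix: /usr/local/openssh-10.0/sbin/sshd -T.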
Note:
If something goes wrong after upgrading, you can revert to OpenSSH 8.7 by restoring the backup binary:
root@gateway:~# cp /usr/bin/ssh_copy /usr/bin/ssh
This reverts to the older version.
root@gateway:~# ssh -V
OpenSSH_8.7p1, OpenSSL 3.2.2 4 Jun 2024