Upgrading OpenSSL and OpenSSH On The Server

To meet PCI compliance, most of the time you have to upgrade the OpenSSL and OpenSSH versions on the server. Here are the steps I find easiest for achieving that.
Let's begin with upgrading OpenSSL first.

Download the tar

root@cloud [/usr/local/src]# wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz

Extract the downloaded tar

root@cloud [/usr/local/src]# tar -xzvf openssl-1.0.1c.tar.gz

Go to the extracted directory

root@cloud [/usr/local/src]# cd openssl-1.0.1c

Now compile the downloaded OpenSSL on the system with the following commands

root@cloud [/usr/local/src/openssl-1.0.1c]# ./config

root@cloud [/usr/local/src/openssl-1.0.1c]# make && make install

Now check the version of openssl

root@cloud [/usr/local/src/openssl-1.0.1c]# openssl version
OpenSSL 1.0.1c 10 May 2012

If you are getting any issues with the upgraded version, replace/link the existing openssl binary with the new one

root@cloud [/usr/local/src/openssl-1.0.1c]# which openssl
/usr/bin/openssl

root@cloud [/usr/local/src/openssl-1.0.1c]# mv /usr/bin/openssl /usr/bin/openssl-backup

root@cloud [/usr/local/src/openssl-1.0.1c]# ln -s /usr/local/src/openssl-1.0.1c/apps/openssl /usr/bin/openssl

Before Starting The Actual Upgrade Process, Check Current SSH Installations and Configuration

root@cloud [~]# which ssh
root@cloud [~]# rpm -qa | grep ssh
root@cloud [~]# rpm -qf `which ssh`

Take a backup of the /etc/ssh directory.

Now Let's Begin With The Installations

Go to the src folder, as I prefer downloading any packages into src. The newer version of OpenSSL should be installed first, as described above.

root@cloud [~]# cd /usr/local/src

Download the tar

root@cloud [/usr/local/src]# wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz

Extract the downloaded tar

root@cloud [/usr/local/src]# tar -xzvf openssh-6.1p1.tar.gz

Go to the extracted directory

root@cloud [/usr/local/src]# cd openssh-6.1p1/

Now compile the downloaded OpenSSH on the system with the following commands

root@cloud [/usr/local/src/openssh-6.1p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl-1.0.1c --with-pam --with-libs=-ldl

root@cloud [/usr/local/src/openssh-6.1p1]# make

root@cloud [/usr/local/src/openssh-6.1p1]# make install

Now check the OpenSSH version and binary. To do so, you may use the following commands.

root@cloud [/usr/local/src/openssh-6.1p1]# which ssh
/usr/bin/ssh

and

root@cloud [/usr/local/src/openssh-6.1p1]# ssh -V
OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012

If you are getting any issues with the upgraded version, replace/link the existing ssh binary with the new one

root@cloud [/usr/local/src/openssh-6.1p1]# mv /usr/bin/ssh /usr/bin/ssh-org

root@cloud [/usr/local/src/openssh-6.1p1]# ln -s /usr/local/src/openssh-6.1p1/ssh /usr/bin/ssh

Now restart the ssh service daemon

root@cloud [/usr/local/src/openssh-6.1p1]# /etc/init.d/sshd restart
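
A pre-restart check for the steps above, as an added example that is not part of the original post: it confirms that the ssh binary on the PATH reports the OpenSSH and OpenSSL versions this page installs, and validates the sshd configuration with `sshd -t` before restarting, so a stale binary or a broken config is caught while the current session is still open. The function names are hypothetical, and the sshd path /usr/sbin/sshd is an assumption that follows from the --prefix=/usr used above.

```shell
#!/bin/sh
# Added example (not from the original post). Expected versions are the
# ones installed on this page; function names are hypothetical.
EXPECTED_SSH="6.1p1"
EXPECTED_SSL="1.0.1c"

# parse_banner "<ssh -V output>" -> prints "<openssh-version> <openssl-version>"
# Banner format: OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
# Prints nothing if the banner does not have that shape.
parse_banner() {
    printf '%s\n' "$1" | sed -n \
        's/^OpenSSH_\([^ ,]*\)[^,]*,[[:space:]]*OpenSSL[[:space:]]\{1,\}\([^ ]*\).*/\1 \2/p'
}

# check_banner "<banner>"
# Returns 0 if both versions match, 1 if OpenSSH differs,
# 2 if the linked OpenSSL differs, 3 if the banner cannot be parsed.
check_banner() {
    set -- $(parse_banner "$1")
    [ $# -eq 2 ] || return 3
    [ "$1" = "$EXPECTED_SSH" ] || return 1
    [ "$2" = "$EXPECTED_SSL" ] || return 2
    return 0
}

# safe_restart: run on the server as root, with a second SSH session kept open.
# Assumes sshd was installed to /usr/sbin/sshd (from --prefix=/usr).
safe_restart() {
    banner=$(/usr/bin/ssh -V 2>&1)      # ssh -V writes its banner to stderr
    check_banner "$banner" || {
        echo "unexpected version banner: $banner" >&2
        return 1
    }
    /usr/sbin/sshd -t || {              # -t: test config and keys, do not start
        echo "sshd config test failed; not restarting" >&2
        return 1
    }
    /etc/init.d/sshd restart
}
```

Source the file and call `safe_restart` in place of the bare restart; a return code of 2 from `check_banner` means the new ssh was built but is still linked against the old OpenSSL.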