Compiling OpenSSH on Ubuntu 7.04 Feisty Fawn Server

Find out how to compile OpenSSH on the latest version of Ubuntu, Ubuntu 7.04 Feisty Fawn Server, to get safely connected to your remote servers.

SSH is the standard for connecting to remote servers -- without it we would all be taken back in time to the days of telnet and serial cables. However, the SSH version that ships with Ubuntu server does not include all of the latest functionality of the production release of the OpenSSH software. To that end, this article will explain how to compile and install the newest release of some of the most important software for Linux on the latest version of Ubuntu server.

Installing the OpenSSH client and server on Ubuntu is as easy as typing "sudo apt-get install ssh" at a terminal prompt. However, this will install Portable OpenSSH version 4.3p2[-8ubuntu1]. Unfortunately for users, this version of Portable OpenSSH does not include the "Match" functionality added to the SSH server in version 4.4p1, which "allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met."

This article will detail how to compile and configure the latest version of Portable OpenSSH (4.6p1 at the time of this writing) on an Ubuntu 7.04 Feisty Fawn Server system in order to obtain the OpenSSH server's latest features.

A few notes before we begin:

  • This article assumes that Ubuntu 7.04 Feisty Fawn Server has been installed without configuring the system as a LAMP or DNS server.
  • The version of OpenSSH that is available from the Ubuntu Feisty Fawn repositories will be referred to as the Ubuntu repository version.
  • The version of OpenSSH downloaded from openssh.org will be referred to as the new version of OpenSSH.

Installing OpenSSH

If it is not already installed, install the Ubuntu repository version of OpenSSH. This will put some configuration files into place that can be copied later. Type:

sudo apt-get install ssh

Change directories to /usr/local/src

cd /usr/local/src

Download Portable OpenSSH 4.6p1 from the mirrors by typing:

sudo wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz

Now, decompress the tarball with:

sudo tar xzf openssh-4.6p1.tar.gz

Remove the tarball.

sudo rm -f openssh-4.6p1.tar.gz

Change directories to /usr/local/src/openssh-4.6p1:

cd openssh-4.6p1

Install packages necessary to compile the new version of OpenSSH. Some of these may already be installed on the target system, and if this is the case, the package management tool, apt-get, will simply ignore them. Type:

sudo apt-get install build-essential zlib1g-dev libwrap0-dev libssl-dev libpam0g-dev libkrb5-dev

Configuring OpenSSH with Ubuntu

Configure the new version of OpenSSH with the following options:

sudo ./configure --prefix=/opt/openssh-4.6p1 \
  --with-pid-dir=/opt/openssh-4.6p1/var/run \
  --with-privsep-path=/opt/openssh-4.6p1/var/empty --with-pam \
  --with-md5-passwords --with-tcp-wrappers --with-kerberos5

    Build the new version of OpenSSH with:

    sudo make
    

    Install the new version of OpenSSH:

    sudo make install
    

    Create the directory /opt/openssh-4.6p1/var/run:

    sudo mkdir /opt/openssh-4.6p1/var/run
    

    Rename the existing Ubuntu repository OpenSSH configuration directory.

    sudo mv /etc/ssh /etc/ssh.dist
    

    Create a symlink that links /etc/ssh to /opt/openssh-4.6p1/etc:

    sudo ln -s /opt/openssh-4.6p1/etc /etc/ssh
    

    Rename the ssh and sshd configuration files in the new OpenSSH installation.

    sudo mv /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
    sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
    

    Copy the original ssh and sshd configuration files into the new OpenSSH installation directory.

    sudo cp /etc/ssh.dist/ssh_config /etc/ssh
    sudo cp /etc/ssh.dist/sshd_config /etc/ssh
    

    Edit the next-to-last line in /etc/ssh/sshd_config so that it points to the correct sftp-server binary: "Subsystem sftp /usr/lib/openssh/sftp-server" becomes "Subsystem sftp /opt/openssh-4.6p1/libexec/sftp-server".

    Change directories to /etc/init.d:

    cd /etc/init.d
    

    Rename the file ssh.

    sudo mv ssh ssh.dist
    

    Download the file "ssh" from www.lostcreations.com. This new file is edited so that all hardcoded references to the Ubuntu repository version of OpenSSH are replaced with variables and those variables are set to the new version of OpenSSH.

    sudo wget

    Change directories to /etc

    cd /etc
    

    Rename the file manpath.config

    sudo mv manpath.config manpath.config.dist
    

    Download the file "manpath.config" from www.lostcreations.com. This new file is edited so that the new version of OpenSSH will be placed in the path for man pages.

    sudo wget

    If you are logged into the target system via an SSH session, the next step could disconnect you. To avoid disconnection, install a package called "screen"; otherwise, just execute the commands in the file restart_ssh that is created in a few steps.

    sudo apt-get install screen
    

    Now change directories to /usr/local/bin:

    cd /usr/local/bin
    

    Create a file called restart_ssh and put the following text into it:

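    #!/bin/bash
    # Stop every running sshd, including the one serving the current session
    killall sshd
    # Start the new sshd through the replaced init script, /etc/init.d/ssh
    /etc/init.d/ssh start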
    

    Make the file executable:

    sudo chmod +x restart_ssh
    

    Execute the file with screen.

    sudo screen /usr/local/bin/restart_ssh
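
A preflight for the sshd_config edit and the restart described above, as an added example that is not part of the original article: it rewrites the Subsystem sftp line, reports any remaining /usr/lib/openssh references, and lets the new sshd parse the file in test mode before anything is killed. The function names are hypothetical helpers, PREFIX is assumed to match the --prefix used above, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of OpenSSH or this article.
# PREFIX is the --prefix passed to ./configure above.
PREFIX=/opt/openssh-4.6p1

# Point the sftp Subsystem line at the sftp-server under PREFIX.
# $1 = sshd_config to edit in place; the original is kept as $1.bak.
fix_sftp_subsystem() {
    cp "$1" "$1.bak" || return 1
    sed "s|^\([[:space:]]*Subsystem[[:space:]][[:space:]]*sftp[[:space:]]\).*|\1$PREFIX/libexec/sftp-server|" \
        "$1.bak" > "$1"
}

# Print non-comment lines that still reference the repository layout.
# Returns 0 when the file is clean, 1 when stale paths remain.
find_stale_paths() {
    if grep -n '^[[:space:]]*[^#[:space:]].*/usr/lib/openssh' "$1"; then
        return 1
    fi
    return 0
}

# Rewrite, check for leftovers, then have the new sshd parse the file in
# test mode (-t) when the binary is installed. Nonzero means do not restart.
preflight() {
    fix_sftp_subsystem "$1" || return 1
    find_stale_paths "$1" || return 1
    if [ -x "$PREFIX/sbin/sshd" ]; then
        "$PREFIX/sbin/sshd" -t -f "$1" || return 1
    fi
    return 0
}

# Constructed sample resembling the tail of the repository sshd_config.
make_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real server configuration
Port 22
X11Forwarding yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF
}
```

Source the file and run preflight /etc/ssh/sshd_config as root before executing restart_ssh; a nonzero return means the running sshd should be left alone until the configuration is fixed.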
    

    That's it! If you have any questions feel free to shoot me an email!
     

This was first published in May 2007
