SSH is the standard for connecting to remote servers -- without it we would all be taken back in time to the days of telnet and serial cables. However, the SSH version that ships
Installing the OpenSSH client and server on Ubuntu is as easy as typing "sudo apt-get install openssh" at a terminal prompt. However, this will install Portable OpenSSH version 4.3p2[-8ubuntu1]. Unfortunately for users, this version of Portable OpenSSH does not include the "Match" functionality added to the SSH server in version 4.4p1, that "allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met."
This article will detail how to compile and configure the latest version of Portable OpenSSH (4.6p1 at the time of this writing) on an Ubuntu 7.04 Feisty Fawn Server system in order to obtain the OpenSSH server's latest features.
A few notes before we begin:
- This article assumes that Ubuntu 7.04 Feisty Fawn Server has been installed without configuring the system as a LAMP or DNS server.
- The version of OpenSSH that is available from the Ubuntu Feisty Fawn repositories will be referred to as the Ubuntu repository version.
- The version of OpenSSH downloaded from openssh.org will be referred to as the new version of OpenSSH.
If it has not already been installed, install the Ubuntu repository version of OpenSSH. This will put some configuration files into place that can be copied later. Type:
sudo apt-get install ssh
Change directories to /usr/local/src
Download Portable OpenSSH 4.6p1 from the mirrors by typing:
Use this filepath: http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
Now, decompress the tarball with:
sudo tar xzf openssh-4.6p1.tar.gz
Remove the tarball.
sudo rm -f openssh-4.6p1.tar.gz
Change the directories to /usr/local/src/openssh-4.6p1:
Install packages necessary to compile the new version of OpenSSH. Some of these may already be installed on the target system, and if this is the case, the package management tool, apt-get, will simply ignore them. Type:
sudo apt-get install build-essential zlib1g-dev libwrap0-dev libssl-dev libpam0g-dev libkrb5-dev
Configuring OpenSSH with Ubuntu
Configure the new version of OpenSSH with the following options:
sudo ./configure --prefix=/opt/openssh-4.6p1 \
--with-privsep-path=/opt/openssh-4.6p1/var/empty --with-pam \
--with-md5-passwords --with-tcp-wrappers --with-kerberos5
Build the new version of OpenSSH with:
Install the new version of OpenSSH:
sudo make install
Create the directory /opt/openssh-4.6p1/var/run:
sudo mkdir /opt/openssh-4.6p1/var/run
Rename the existing Ubuntu repository OpenSSH configuration directory.
sudo mv /etc/ssh /etc/ssh.dist
Create a symlink that links the /etc/ssh to /opt/openssh-4.6p1/etc:
sudo ln -s /opt/openssh-4.6p1/etc /etc/ssh
Rename the ssh and sshd configuration files in the new OpenSSH installation.
sudo mv /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
sudo mv /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
Copy the original ssh and sshd configuration files into the new OpenSSH installation directory.
sudo cp /etc/ssh.dist/ssh_config /etc/ssh
sudo cp /etc/ssh.dist/sshd_config /etc/ssh
Edit the next-to-last line in /etc/ssh/sshd_config so that it points to the correct sftp-server binary. The line
Subsystem sftp /usr/lib/openssh/sftp-server
becomes
Subsystem sftp /opt/openssh-4.6p1/libexec/sftp-server
Change directories to /etc/init.d.
Rename the file ssh.
sudo mv ssh ssh.dist
Download the file "ssh" from www.lostcreations.com. This new file is edited so that all hardcoded references to the Ubuntu repository version of OpenSSH are replaced with variables and those variables are set to the new version of OpenSSH.
Change directories to /etc
Rename the file manpath.config
sudo mv manpath.config manpath.config.dist
Download the file "manpath.config" from www.lostcreations.com. This new file is edited so that the new version of OpenSSH will be placed in the path for man pages.
If you are logged into the target system via an SSH session, the next step could disconnect you. To avoid disconnection, install a package called "screen"; otherwise, just execute the commands in the file restart_ssh that is created in a few steps.
sudo apt-get install screen
Now change directories to /usr/local/bin:
Create a file called restart_ssh and put the following text into it:
#!/bin/bash
killall sshd
/etc/init.d/sshd start
Make the file executable
chmod +x restart_ssh
Execute the file with screen.
sudo screen /usr/local/bin/restart_ssh
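Because the restart kills the running daemon, a mistake in any earlier step can leave the host without SSH access. The shell function below is an added example, not part of the original article: it checks the paths this procedure sets up and runs sshd in test mode (-t) so problems surface before the restart. The function name preflight is an assumption; the default paths are the ones used in this article.

```shell
#!/bin/sh
# Added example: pre-restart checks for the relocated OpenSSH install.
# Usage: preflight [PREFIX] [CONFIG]
# Prints each problem to stderr and returns 0 only if none were found.
preflight() {
    prefix=${1:-/opt/openssh-4.6p1}      # --prefix given to ./configure
    config=${2:-/etc/ssh/sshd_config}    # config the new sshd will read
    problems=0

    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    [ -x "$prefix/sbin/sshd" ] || fail "no sshd binary at $prefix/sbin/sshd"
    [ -r "$config" ] || { fail "cannot read $config"; return 1; }

    # Directories created by the configure and mkdir steps.
    [ -d "$prefix/var/empty" ] || fail "missing privsep dir $prefix/var/empty"
    [ -d "$prefix/var/run" ]   || fail "missing $prefix/var/run"

    # The Subsystem sftp line must name an executable under the new prefix,
    # not the Ubuntu repository binary copied over from /etc/ssh.dist.
    sftp=$(awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$config")
    case $sftp in
        "$prefix"/*) [ -x "$sftp" ] || fail "sftp-server $sftp is not executable" ;;
        "")          fail "no 'Subsystem sftp' line in $config" ;;
        *)           fail "Subsystem sftp still points at $sftp" ;;
    esac

    # sshd -t checks the configuration file and keys without starting the daemon.
    if [ -x "$prefix/sbin/sshd" ]; then
        "$prefix/sbin/sshd" -t -f "$config" || fail "sshd -t rejected $config"
    fi

    [ "$problems" -eq 0 ]
}
```

Source the function in a root shell (sshd -t needs to read the host keys) and run the restart only if preflight returns success.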
That's it! If you have any questions feel free to shoot me an email!
This was first published in May 2007