Manual Install / Upgrade OpenSSH on Ubuntu

Recently I updated OpenSSH due to a PCI scan failure. We had OpenSSH 6.6 running on an Ubuntu 14.4.3 server. As of this writing OpenSSH is at 7.0 but has not been packaged for Ubuntu Aptitude yet.

UPDATE 08/23/2016: I just ran through this process again to install OpenSSH 7.3p on an Ubuntu 14.04 LTS box. Same commands worked without issue. One thing I did do different this time was uninstall the OpenSSH included with Ubuntu by running apt-get remove openssh-server. This guaranteed there was no conflict when installing from source.

This means I need to do a manual install of OpenSSH portable. It was pretty simple for me since I could use the default configuration. Your mileage may vary.


$ apt-get remove openssh-server
$ wget http://.../OpenSSH/portable/openssh-7.0p1.tar.gz
$ tar -zxvf openssh-7.3p1.tar.gz
$ cd openssh-7.3p1
$ ./configure
$ make
$ make install

To test this you can try connecting to local host to see the ssh version returned.
$ ssh -v localhost

Sources:

10 thoughts on “Manual Install / Upgrade OpenSSH on Ubuntu

  1. TDJ: Can’t say that I have. I got tired of problems like quite a while a go, so now my files are awlyas name Foo-bar-ae-oe-aa.txt . I know this is not a solution to the problem but merely a hack. I guess the right way to look at this is to see if the encoding on the server is the same as on the Windows machine. I think most Danish Windows installations use ISO 8859-15 whereas most modern Linux installations use UTF8. By changing the character set on the Linux machine this could perhaps be solved. But then again all the files on the Linux machine has to be changed to 8859-15 with a tool like and this is annoying as well.

  2. Hello! I just wanted to say this post was useful for me and thanking you for writing it up. I was working on a project where the security team requested that I upgrade 10+ servers to OpenSSH 7.0 or above and this did the trick.

  3. When I install the latest version of OpenSSH, -V reports the correct version as you instructed, but using telnet, it reports SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6.

    Is there a reason this is happening?

    I’m trying to upgrade to the latest version of OpenSSH to pass PCI compliance (which also fails since it reports seeing 6.6.1)

    Thanks!

    1. I’ve experienced that issue as well. Did not follow up with it though since we disabled telnet on our box and only SSHed in. I was able to file a false positive with our ASV by showing them the firewall rule blocking telnet and a screen cap showing the correct version of ssh during an ssh session.

  4. when i run make there is an error, please help

    ~/openssh-7.0p1# make
    make: *** No targets specified and no makefile found. Stop.

  5. Very helpful guide!. The first time I tried “/configure” it failed because my box was missing two libs, so I had to manually add them and then tried again:
    sudo apt-get install libssl-dev
    sudo apt-get install zlib1g-dev

    After that, everything worked perfectly.

Leave a Reply

Your email address will not be published. Required fields are marked *