CentOS 7 upgrade openssh to 9.3p2

1 vote
2 answers
12178 views
I have been asked to upgrade the OpenSSH version because of **CVE-2023-38408**. Here is my process:
```bash
yum groupinstall -y "Development Tools"
yum install -y zlib-devel openssl-devel wget

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

cd /tmp
wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
tar -xzf openssh-9.3p2.tar.gz
cd openssh-9.3p2
yum install -y pam-devel libselinux-devel

./configure --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh

make && make install
```
It compiled ssh and sshd 9.3p2 successfully on my OS, so I got two versions of sshd:

- /usr/sbin/sshd OpenSSH_7.4p1
- /usr/local/sbin/sshd OpenSSH_9.3

Next I should change the execute path in /usr/lib/systemd/system/sshd.service to the new version of sshd.
```ini
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
```
I switched /usr/sbin/sshd to /usr/local/sbin/sshd and ran `systemctl daemon-reload` and `service sshd restart`, but it didn't work. The message is:
```
Aug 25 07:37:57 localhost.localdomain systemd: sshd.service start operation timed out. Terminating.
Aug 25 07:37:57 localhost.localdomain sshd: Received signal 15; terminating.
Aug 25 07:37:57 localhost.localdomain systemd: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
Aug 25 07:37:57 localhost.localdomain systemd: Unit sshd.service entered failed state.
Aug 25 07:37:57 localhost.localdomain systemd: sshd.service failed.
Aug 25 07:37:57 localhost.localdomain polkitd: Unregistered Authentication Agent for unix-process:2259:84553 (system bus name :1.46, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_
Aug 25 07:38:39 localhost.localdomain systemd: sshd.service holdoff time over, scheduling restart.
Aug 25 07:38:39 localhost.localdomain systemd: Stopped OpenSSH server daemon.
-- Subject: Unit sshd.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has finished shutting down.
Aug 25 07:38:39 localhost.localdomain systemd: Starting OpenSSH server daemon...
-- Subject: Unit sshd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has begun starting up.
Aug 25 07:38:39 localhost.localdomain sshd: Server listening on 0.0.0.0 port 22.
Aug 25 07:38:39 localhost.localdomain sshd: Server listening on :: port 22.
```
I have no idea whether the problem is in the file or the service config.
Asked by Chan (111 rep)
Aug 25, 2023, 07:50 AM
Last activity: May 30, 2025, 07:02 PM
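
A unit with `Type=notify` is only marked started once the daemon sends systemd a readiness message; the distribution's sshd is patched to send it, while an sshd built from the upstream 9.3p2 tarball does not, which matches a log where sshd reports "Server listening" and the start still times out. The script below is an added example, not part of the original question: it compares a unit's `Type=` with the binary it would start. The function names and the string-match heuristic are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before pointing a systemd unit at another sshd.

# Print the value of key $2 from the [Service] section of unit file $1.
service_value() {
    awk -F= -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && $1 == key { sub(/^[^=]*=/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# Heuristic (assumption): a daemon able to send READY=1 references either
# libsystemd's sd_notify symbol or the NOTIFY_SOCKET variable name.
speaks_sd_notify() {
    LC_ALL=C grep -q -e 'sd_notify' -e 'NOTIFY_SOCKET' "$1"
}

# check_unit UNIT_FILE [BINARY]: return 1 when the unit is Type=notify but the
# binary (default: first word of ExecStart) shows no readiness-notify support.
check_unit() {
    utype=$(service_value "$1" Type)
    bin=${2:-}
    # Fall back to ExecStart, dropping systemd prefix characters and arguments.
    [ -n "$bin" ] || bin=$(service_value "$1" ExecStart |
        sed 's/^[-@:+!]*//; s/[[:space:]].*//')
    if [ "$utype" = "notify" ] && ! speaks_sd_notify "$bin"; then
        echo "MISMATCH: Type=notify, but $bin never signals readiness"
        return 1
    fi
    echo "OK: Type=${utype:-simple} with $bin"
}

# Constructed sample: a Type=notify unit pointed at a stand-in file for a
# binary built from upstream source (contains neither marker string).
demo=$(mktemp -d)
printf 'stand-in for an upstream build\n' > "$demo/sshd"
printf '[Service]\nType=notify\nExecStart=%s -D $OPTIONS\n' "$demo/sshd" \
    > "$demo/sshd.service"
check_unit "$demo/sshd.service" || true
rm -rf "$demo"
```

On the host in the question the call would be `check_unit /usr/lib/systemd/system/sshd.service /usr/local/sbin/sshd`.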