Installation problem with openssh-6.8 on Centos 5.11

[Jenek26]

Hi,

Asking you please to help me with openssh instalation on Centos 5.11

I am trying to install openssh release openssh-6.8 on my OS.

The reason for the ssh upgrade is due to security issues.

I am using steps from following steps during ssh installation:

1. cd /usr/src
2. wget http://mirror.team-cymru.org/pub/OpenBS ... 8p1.tar.gz
3. tar -xvzf openssh-6.8p1.tar.gz
4. yum install rpm-build gcc make wget openssl-devel krb5-devel pam-devel libX11-devel xmkmf libXt-devel
5. mkdir -p /root/rpmbuild/{SOURCES,SPECS}
6. cp ./openssh-6.8p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
7. cp openssh-6.8p1.tar.gz /root/rpmbuild/SOURCES/
8. cd /root/rpmbuild/SPECS
9. sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
10. rpmbuild -bb openssh.spec

I am receiving the following error :
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 0090802f (OpenSSL 0.9.8e-rhel5 01 Jul 2008)
checking OpenSSL library version... configure: error: OpenSSL >= 0.9.8f required (have "0090802f (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008)")
error: Bad exit status from /var/tmp/rpm-tmp.62496 (%build)


I know that openssh-6.8 will work without any issue on Centos 6.x OS but my aplication cannot run on release 6.x OS.

Please advice,

I am realy need your help!!!

[gerald_clark]

Just run 'yum update' and you will get the current patched version.
Compiling of alternate versions of core software is not supported.
Please read http://wiki.centos.org/FAQ/General#head ... b096cbff2f

[Jenek26]

Hi,

Thanks a lot for the reply.

I was able to compile openssh 5.x or even 6.1 on same OS. The problem is that I need to install the latest openssh release .

Maybe it's possible somehow to upgrade the release of openssl ?

Thanks in advance, Evgeny.

[TrevorH]

Why do you think you need to install the latest version of openssh? All security patches are backported to the version that CentOS 5 ships so there is no security reason to upgrade.

https://access.redhat.com/security/updates/backporting

[Jenek26]

Hi,

You are right my explanation was not clear.

My customer running Vulnerability check on all systems with "hard" requirements.

My system is failed with openssh and customer request was to Upgrade to OpenSSH 6.7.

As I already told I cannot upgrade to 6.x OS, this why I am trying to instal openssh 6.7/6.8 on my 5.11 OS.

Please advice

[drk]

TrevorH explained it to you. yum update your system and then get a list of CVEs fixed in ssh:

Code: Select all

rpm -q -changelog openssh-server|grep CVE

[Jenek26]

Thanks a lot for sharing the information.

I will try it...