FreeBSD Openssh upgrade/update

Hello all,
I have looked high and low for an answer on Google and cannot seem to find the answer to this. I am looking to upgrade/update OpenSSH on my FreeBSD 7.0-RELEASE-p12 machine. When I do a ssh -V I get:
Code:
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.8e 23 Feb 2007
I understand that the latest version as of my posting is: OpenSSH 5.3/5.3p1 released Oct 1, 2009

What is the proper way to update/upgrade this (OpenSSH and OpenSSL) to the latest version? Any advice at this point would be most appreciated.

Janice
 
OpenSSH is tied in to your base system. You're not supposed to pick and choose. Consider hopping to FreeBSD 8, where OpenSSH is now at
Code:
OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009
Maybe FreeBSD 7.2 (or 7.3 RC/beta) will be enough.
 
That's very outdated, yes. There's no separate opensshd in ports anymore. Anyway, if there were any security patches for OpenSSH, they were probably MFC'ed back to your current patch level. For a really newer version of OpenSSH, you will have to freebsd-update to the latest release + patch level.
 
One can install security/openssh-portable, which has the latest version of OpenSSH. This will be installed into /usr/local. You can either change your PATH to put /usr/local ahead of /usr, or you can just rename the /usr/bin/ssh* tools. That way, running "ssh" from the commandline will pick up the one from /usr/local/bin.

Be sure to set sshd_enable="NO" and openssh_enable="YES" in /etc/rc.conf.

The nice thing about using the ports version is that it includes the HPN (High Performance Networking) patches, including the "none" cipher (no encryption). These can *really* speed up bulk transfers via scp/sftp.
 
phoenix, That is good news. So basically when I install openssh-portable from ports it will be in essence separate from my original ssh? And will this have any impact on remote logins once the server has been rebooted? I mean after I put the entries in the rc.conf. I'm just a little confused on this (install) as I don't want to botch nothing up doing this as this seems like it is imperative it is done right. Again thank you,
Janice
 
If you wish your "new" OpenSSH to work as the "old" one just use the same config file. Nothing will change when it comes to remote logins. You will have two separate OpenSSH servers. The default one will not be running in this case though. Note, both SSH's are at the same version at the moment so there is no point in installing the portable one.
 
Janice said:
phoenix, That is good news. So basically when I install openssh-portable from ports it will be in essence separate from my original ssh?

Correct. OpenSSH installed as part of FreeBSD is under /usr with configuration under /etc/ssh.

OpenSSH installed via the ports tree is under /usr/local with configuration under /usr/local/etc/ssh.

And will this have any impact on remote logins once the server has been rebooted?

Nope. OpenSSH is OpenSSH is OpenSSH. It works the same, regardless of whether it's installed with FreeBSD or via the ports tree. It all uses the same /etc/passwd setup for user logins.

I mean after I put the entries in the rc.conf. I'm just a little confused on this (install) as I don't want to botch nothing up doing this as this seems like it is imperative it is done right.

Install openssh-portable. Edit rc.conf to have sshd_enable="NO" and openssh_enable="YES". Run /etc/rc.d/sshd forcestop and /usr/local/etc/rc.d/openssh start. And try to login via SSH.
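
A pre-flight check for the switch described in the post above, as an added example that is not part of the original thread: it reads an rc.conf file, confirms that only the ports daemon is enabled, and then has the new binary validate its own configuration with `sshd -t` before the base daemon is stopped. The function names and the `/usr/local/sbin/sshd` path are assumptions, and treating an unset `sshd_enable` as a failure is this example's choice.

```shell
#!/bin/sh
# Added example: pre-flight check for moving from the base sshd to the
# ports openssh daemon. Function names are hypothetical.

# Print the effective value of an rc.conf variable, upper-cased. rc.conf is
# sourced as shell, so the last uncommented assignment wins. Prints nothing
# if the variable is unset.
rc_value() {  # $1 = variable name, $2 = rc.conf path
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# Return 0 only if rc.conf enables the ports daemon and disables the base one.
ssh_switch_ok() {  # $1 = rc.conf path
    base=$(rc_value sshd_enable "$1")
    port=$(rc_value openssh_enable "$1")
    case "$base:$port" in
        NO:YES)  echo "ok: only the ports daemon starts at boot"; return 0 ;;
        YES:YES) echo "conflict: both daemons are enabled" ;;
        YES:*)   echo "not switched: base sshd is still the active daemon" ;;
        NO:*)    echo "lockout risk: no SSH daemon will start at boot" ;;
        *)       echo "sshd_enable is not set explicitly" ;;
    esac
    return 1
}

# Run before "/etc/rc.d/sshd forcestop": check rc.conf, then let the new
# binary parse its config and host keys without starting (sshd -t).
# The binary path is an assumption based on the /usr/local prefix.
preflight() {
    ssh_switch_ok "${1:-/etc/rc.conf}" &&
        /usr/local/sbin/sshd -t -f /usr/local/etc/ssh/sshd_config
}
```

Calling `preflight` from an existing SSH session, and keeping that session open until a second login through the new daemon succeeds, leaves a way back if the new configuration is rejected.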
 
This is great,
Most superb help here might I say. I will be installing this coming weekend and I will finalize here on how everything went. Thank you DutchDaemon, phoenix, and NightWeaver as with these directions it looks a breeze.
Janice
 
phoenix said:
The nice thing about using the ports version is that it includes the HPN (High Performance Networking) patches, including the "none" cipher (no encryption). These can *really* speed up bulk transfers via scp/sftp.

Sorry for reviving this thread from the dead, but doesn't turning off encryption defeat the purpose of SSH/SFTP?

Cheers,
deltatux
 
If sending across public, untrusted networks, sure. But for transfers on a LAN, or across a dedicated private network, it's nice to be able to triple your throughput.

Authentication is still encrypted. Only the data transfer is unencrypted. And it's only available if both the server and the client are HPN-enabled, and it requires a command-line option (no ssh_config or .ssh/config option). So it's only enabled on a per-transfer basis.

Even if you don't enable the NONE cipher, though, the HPN patches can almost double your SSH/SCP/SFTP transfers.
 
phoenix said:
Correct. OpenSSH installed as part of FreeBSD is under /usr with configuration under /etc/ssh.

OpenSSH installed via the ports tree is under /usr/local with configuration under /usr/local/etc/ssh.



Nope. OpenSSH is OpenSSH is OpenSSH. It works the same, regardless of whether it's installed with FreeBSD or via the ports tree. It all uses the same /etc/passwd setup for user logins.



Install openssh-portable. Edit rc.conf to have sshd_enable="NO" and openssh_enable="YES". Run /etc/rc.d/sshd forcestop and /usr/local/etc/rc.d/openssh start. And try to login via SSH.

How about downloading the Portable version from OpenSSH.org and compiling it with
Code:
--prefix=/usr --sysconfdir=/etc/ssh
which should overwrite the installed version with the latest one
 
I have the following question. Now openssh-portable is too old in ports, so there is no reason to use it. Is it possible to update only sshd without building world?
 