Thursday 12 April 2012

OpenSSH Upgrade on CentOS 5.7

The OpenSSH packages on CentOS 5.7 are still version 4.3, with the security features of newer SSH packages backported. However, many interesting features are not available in OpenSSH 4.3, such as chrooting without any patches. For this particular feature, I've upgraded OpenSSH on my servers as follows:

There are some prerequisites for an RPM build:
yum install gcc
yum install openssl-devel
yum install pam-devel
yum install rpm-build
yum install rpmdevtools
As a normal user, run the following commands:
rpmdev-setuptree
mkdir /software
cd /software
wget http://mirror.bytemark.co.uk/pub/OpenBSD/OpenSSH/portable/openssh-5.8p2.tar.gz
cp openssh-5.8p2.tar.gz ~/rpmbuild/SOURCES
gzip -d openssh-5.8p2.tar.gz
tar -xvf openssh-5.8p2.tar
cp openssh-5.8p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
gzip openssh-5.8p2.tar
cp openssh-5.8p2.tar.gz /usr/src/redhat/SOURCES/
cd /usr/src/redhat/SPECS
# set no_gnome_askpass and no_x11_askpass to 1 so the askpass subpackages are not built
perl -i.bak -pe 's/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/' openssh.spec
rpmbuild -bb openssh.spec
cd /usr/src/redhat/RPMS/`uname -i`
I got the following errors while running rpmbuild: 

RPM build errors:
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/scp.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/ssh-keygen.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man8/ssh-keysign.8*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man8/ssh-pkcs11-helper.8*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/ssh.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man5/ssh_config.5*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/slogin.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/ssh-agent.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/ssh-add.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/ssh-keyscan.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/sftp.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man8/sshd.8*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man5/moduli.5*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man5/sshd_config.5*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man8/sftp-server.8*
Installed (but unpackaged) file(s) found:
/usr/share/man/cat1/scp.1
/usr/share/man/cat1/sftp.1
/usr/share/man/cat1/slogin.1
/usr/share/man/cat1/ssh-add.1
/usr/share/man/cat1/ssh-agent.1
/usr/share/man/cat1/ssh-keygen.1
/usr/share/man/cat1/ssh-keyscan.1
/usr/share/man/cat1/ssh.1
/usr/share/man/cat5/moduli.5
/usr/share/man/cat5/ssh_config.5
/usr/share/man/cat5/sshd_config.5
/usr/share/man/cat8/sftp-server.8
/usr/share/man/cat8/ssh-keysign.8
/usr/share/man/cat8/ssh-pkcs11-helper.8
/usr/share/man/cat8/sshd.8

After realising the man pages were in the wrong spot (installed under cat1/cat5/cat8 instead of man1/man5/man8), we added a flag, --with-mantype=man, to the configure line in the openssh.spec file as follows:
%configure \
        --sysconfdir=%{_sysconfdir}/ssh \
        --libexecdir=%{_libexecdir}/openssh \
        --datadir=%{_datadir}/openssh \
        --with-tcp-wrappers \
        --with-rsh=%{_bindir}/rsh \
        --with-mantype=man \
        --with-default-path=/usr/local/bin:/bin:/usr/bin \
        --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
        --with-privsep-path=%{_var}/empty/sshd \
        --with-md5-passwords \
We then ran rpmbuild again and had an issue with the %doc section, as rpmbuild couldn't stat MISSING*. After removing that entry, rpmbuild generated the OpenSSH RPMs in the RPMS directory.
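
To confirm that a failed build is this man/cat mismatch and not a file that is genuinely missing from the package, the rpmbuild error output can be checked mechanically. The script below is an added example, not part of the original post; the function name diagnose_manpages is an assumption, and the sample log is constructed from the error shape shown above (the /usr/bin/example-tool entry is hypothetical).

```shell
#!/bin/sh
# Added example: read rpmbuild error output on stdin and count the %files
# globs that failed only because the page was installed as a preformatted
# cat page (man/catN) instead of a man page (man/manN).
diagnose_manpages() {
    awk '
    /File not found by glob:/ {
        p = $NF
        sub(/[*]$/, "", p)                      # drop the trailing glob star
        if (match(p, "/man/man[0-9]/[^/]+$"))
            want[substr(p, RSTART + 8)] = 1     # key such as "1/scp.1"
        else
            other++                             # missing file is not a man page
        next
    }
    match($0, "/man/cat[0-9]/[^/]+$") {
        have[substr($0, RSTART + 8)] = 1        # same key, taken from the catN path
    }
    END {
        for (k in want) {
            if (k in have) moved++; else other++
        }
        printf "cat_mismatch=%d unexplained=%d\n", moved, other
    }'
}

# Constructed sample log (not real build output).
SAMPLE_LOG='RPM build errors:
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man1/scp.1*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/share/man/man8/sshd.8*
File not found by glob: /var/tmp/openssh-5.6p1-buildroot/usr/bin/example-tool*
Installed (but unpackaged) file(s) found:
/usr/share/man/cat1/scp.1
/usr/share/man/cat8/sshd.8'

# A non-zero cat_mismatch points at --with-mantype=man; a non-zero
# unexplained count means something else is missing from the build root.
printf '%s\n' "$SAMPLE_LOG" | diagnose_manpages
```

Pipe the real output through it with `rpmbuild -bb openssh.spec 2>&1 | diagnose_manpages`.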
