Quickly upgrade ssh/openssh in CentOS Linux to latest 5.5 version

by jagbir on May 3, 2011

In a CentOS 5.5 host, we were requested to upgrade openssh to its latest version. Here are steps I took to quickly do the upgrade. You may like to compile it from source or can take my way of installing it from some repository.

Checking existing verison shows 4.3p2:

$ ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

simply tried upgrading by running yum using default repositories but it didn’t find any latest version. To grab the latest one, I have installed the CentALT repository, which usually have latest packages. I’ve documented the steps to install it in earlier post here. After having installed CentALT, I tried again but found some dependency issue:

$ yum upgrade openssh
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirrors.usc.edu
 * base: linux.mirrors.es.net
 * centosplus: mirror.stanford.edu
 * extras: linux.mirrors.es.net
 * updates: linux.mirrors.es.net
CentALT                                                                                                                     |  951 B     00:00     
CentALT/primary                                                                                                             |  85 kB     00:01     
CentALT                                                                                                                                    256/256
Excluding Packages in global exclude list
Setting up Upgrade Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: openssh = 4.3p2-72.el5_6.3 for package: openssh-clients
--> Processing Dependency: openssh = 4.3p2-72.el5_6.3 for package: openssh-server
---> Package openssh.x86_64 0:5.5p1-1.el5 set to be updated
--> Running transaction check
---> Package openssh-clients.x86_64 0:5.5p1-1.el5 set to be updated
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients
---> Package openssh-server.x86_64 0:5.5p1-1.el5 set to be updated
--> Finished Dependency Resolution
openssh-clients-5.5p1-1.el5.x86_64 from CentALT has depsolving problems
  --> Missing Dependency: libedit.so.0()(64bit) is needed by package openssh-clients-5.5p1-1.el5.x86_64 (CentALT)
Error: Missing Dependency: libedit.so.0()(64bit) is needed by package openssh-clients-5.5p1-1.el5.x86_64 (CentALT)

little searching revealed its due to libedit library which we needs to bump up, got its rpm from phone.net and installed:

$ cd /usr/src 
$ wget ftp://ftp.pbone.net/mirror/atrpms.net/el5-x86_64/atrpms/stable/libedit0-3.0-1.20090722cvs.el5.x86_64.rpm
$ rpm -ivh libedit0-3.0-1.20090722cvs.el5.x86_64.rpm

Then again tried upgrading openssh and its went fine:

$ yum upgrade openssh
 Package                                 Arch                           Version                              Repository                       Size
 openssh                                 x86_64                         5.5p1-1.el5                          CentALT                         314 k
Updating for dependencies:
 openssh-clients                         x86_64                         5.5p1-1.el5                          CentALT                         598 k
 openssh-server                          x86_64                         5.5p1-1.el5                          CentALT                         328 k
Transaction Summary
Install       0 Package(s)
Upgrade       3 Package(s)
Total download size: 1.2 M

Restart the sshd service and confirm new version:

$ /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
$ ssh -v
OpenSSH_5.5p1, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

We are done.

You may also like other related articles on this blog:
* Quickly change your ssh port from defualt 22 to something higher
* Top 5 most useful tools for Linux Admin
* Top 5 steps to secure your production Linux host
* Ensuring secure access to production Linux hosts
* Bash script to backup essential log files in Linux Server
* Install and Configure DenyHost to prevent brute-force attacks

  • Chuck

    This didn’t quite work for me. I get the following when doing rpm -ivh. Thanks. Love the site.

    libc.so.6()(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64
    libc.so.6(GLIBC_2.2.5)(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64
    libc.so.6(GLIBC_2.3)(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64
    libc.so.6(GLIBC_2.3.4)(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64
    libc.so.6(GLIBC_2.4)(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64
    libncurses.so.5()(64bit) is needed by libedit0-3.0-1.20090722cvs.el5.x86_64

  • http://linuxadminzone.com jagbir

    Hi Chuck, thanks for comment. which OS/version you are using?

    for libc.so.6, you may check this rpm: http://rpm.pbone.net/index.php3/stat/4/idpl/13944198/dir/centos_5/com/glibc-2.5-49.x86_64.rpm.html


  • https://twitter.com/#!/JKabugu Julius Kabugu

    So many dependencies on glibc so i had yum update it

    yum update glibc

    Realized my system was 32 bit so I had to download



Previous post:

Next post: