Step-by-Step Guide to Upgrading OpenSSH to 8.4p1 on CentOS 7
This tutorial walks you through checking the current OpenSSH version, installing prerequisite packages, backing up existing SSH files, compiling and installing OpenSSH 8.4p1, verifying the configuration, restarting the service, and confirming the upgrade on a CentOS 7 server.
Check the current OpenSSH version:
# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017Ensure the required development packages are installed:
# rpm -qa|grep openssl-devel
openssl-devel-1.0.2k-19.el7.x86_64
# rpm -qa|grep zlib-devel
zlib-devel-1.2.7-18.el7.x86_64
# rpm -qa|grep pam-devel
pam-devel-1.1.8-23.el7.x86_64Download the OpenSSH 8.4p1 source package (remember to get the "p1" version that can be compiled) from the official site:
URL: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
Install telnet-server for pre‑upgrade connectivity testing:
# rpm -qa|grep telnet-server
# yum -y install telnet-server
# systemctl start telnet.socket
# systemctl status telnet.socketTest the telnet connection (root login may be disabled, so use another user for testing):
# telnet 192.168.100.102
Trying 192.168.100.102...
Connected to 192.168.100.102.
Escape character is '^]'.
Kernel 3.10.0-1160.el7.x86_64 on an x86_64
localhost login: test
Password:
Last login: Fri Feb 23 16:10:45 from ::ffff:192.168.100.101
[test@localhost ~]$ sudo su -
[root@localhost ~]#Backup the existing SSH files so you can roll back if the upgrade fails:
# mv /etc/ssh /etc/sshbak
# mv /usr/bin/ssh /usr/bin/sshbak
# mv /usr/sbin/sshd /usr/sbin/sshdbakCompile and install the new OpenSSH version:
tar -zxvf openssh-8.4p1.tar.gz
cd openssh-8.4p1/
./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-pam
make
make installCopy the original sshd_config from the backup, adjust any needed settings, then verify the configuration syntax: # sshd -t If no errors are reported, restart the SSH daemon (it may take a few minutes to become active): # systemctl restart sshd Test that you can log in normally: # ssh [email protected] Confirm the upgrade by checking the version again:
# ssh -V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017At this point the OpenSSH upgrade is complete.
Optional: Build an RPM for Future Upgrades
For a repeatable upgrade process, you can create an RPM package. A ready‑made repository is available at https://github.com/boypt/openssh-rpms . Ensure the RPM is built on the same OS version; otherwise the package may not be compatible.
If after installing the RPM you encounter “Failed to start sshd.service: Unit sshd.service not found.”, copy the missing sshd.service file from another machine with the same OS (e.g., from /usr/lib/systemd/system/sshd.service or /etc/init.d/sshd) or restore it from your backup.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.