Skip to content

Instantly share code, notes, and snippets.

@roommen

roommen/OpenSSH Update Script - Amazon Linux 2

Last active November 17, 2024 09:36
Show Gist options
  • Save roommen/18cd78d07b0fbc962de4e79c1d468f92 to your computer and use it in GitHub Desktop.
Save roommen/18cd78d07b0fbc962de4e79c1d468f92 to your computer and use it in GitHub Desktop.
Download ZIP
OpenSSH Update Script - Amazon Linux 2
Raw
OpenSSH Update Script - Amazon Linux 2
#!/bin/bash
sudo yum install gcc -y
sudo yum install openssl-devel -y
sudo yum install zlib-devel -y
sudo yum install mlocate -y
sudo yum install autoconf -y
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz
tar zxvf openssh-9.1p1.tar.gz
cd openssh-9.1p1 && ./configure && make && sudo make install
@3ap
Copy link

3ap commented Mar 25, 2024

If your colleague also decided to follow these instructions on your day-off, and now finds themselves in a situation where the OpenSSH server is almost inaccessible anymore for new connections (e.g. ssh your-server-ip returns with error "kex_exhcnage_identification: read: Connection reset by peer"), follow my instructions to restore everything back.

Assuming you (or your coworker) still have an open SSH connection and can run commands in the shell:

  1. Set a secure password for the root user using sudo passwd (you can use tools like pwgen to generate a strong password).
  2. Log into the AWS console, navigate to your EC2 instance, select it, then go to Actions → Monitor and troubleshoot → EC2 serial console → Connect
  3. Press Enter a few times in the large black rectangle, and you'll get a login prompt. Type root, press Enter, and then enter the password generated in step 1
  4. Stop the SSH server and terminate all connections by running systemctl stop sshd; killall sshd
  5. Navigate to the openssh server source code directory, most likely it would be cd /home/ec2-user/openssh-9.1p1
  6. Run make uninstall to clean up all the files installed by the previous "make install" command (please avoid doing this on any non-personal machines in the future).
  7. After step 6, you'll no longer have SSH client & SSH server on your system, even though the system package manager still thinks OpenSSH is installed. Reinstall the SSH-related packages to restore everything: yum reinstall openssh openssh-server openssh-client
  8. Finally, start the SSH server again by running systemctl start sshd, and check if you can connect to the server from the server itself by ssh localhost.

P.S. If upgrading is necessary to make npm work (due to the unsupported option "accept-now"), you can use this workaround by setting an environment variable: GIT_SSH_COMMAND=ssh npm i ... (Source)

@Barbery
Copy link

Barbery commented Apr 25, 2024

I am use centOS 7.6, it should like this

./configure --with-ssl-dir=/usr/local/openssl

@prmichaelsen
Copy link

smh this broke my clones

@Gino1024
Copy link

Gino1024 commented Nov 7, 2024
edited
Loading 

sed -i '129a\#include <systemd/sd-daemon.h>' sshd.c
sed -i '2095a\        /* Signal systemd that we are ready to accept connections */' sshd.c
sed -i '2096a\        sd_notify (0, "READY=1");' sshd.c

Hi everyone, I also updated OpenSSH on EC2 this week. After performing the above steps,
systemctl restart sshd executes successfully but the client cannot connect via ssh.

I think there may be some problem with the original ec2 sshkey after the update?

Has anyone else encountered a similar situation and fixed it?

Hope to get the answer... QQ

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment