How to Install OpenSSH 8.0 Server from Source in Linux

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

17 Responses

  1. Samuel says:

    Hi,

    I followed your guide, and when I type command ssh -V it is showing 8.0, but when I type ssh -v localhost it is showing the following:

    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002

    I’m failing PCI scans due to vulnerabilities in 7.4.

  2. Sam says:

    Hi, This worked when I check ssh -V with normal user, but if I log in as root and check ssh -V it still shows the old version…

    [[email protected] ~]$ ssh -V
    OpenSSH_8.0p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    [[email protected] ~]$ sudo -s
    [[email protected] myusername]# ssh -V
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    
  3. hugo says:

    @Aaron Kili, thanks for sharing.

    I followed your steps and got openssh-8.0p1 installed on my Ubuntu 16 machine.

    While issuing command: ssh -V, it gave back the correct version as:

    # ssh -V
    OpenSSH_8.0p1, OpenSSL 1.0.2g  1 Mar 2016
    

    but for some reason while I issued command: dpkg --list openssh-server, it still gave me the previous version came with the machine:

    [email protected]:~# dpkg --list openssh-server
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name             Version              Architecture   Description
    +++-================-====================-==============-==========================
    ii  openssh-server   1:7.2p2-4ubuntu2.8   amd64          secure shell (SSH) server, 
                                                             for secure access from remote machines
    [email protected]:~#
    

    Could you please give me some hint of where I did wrong or where should I do extra to update the registry information on the machine? Or is it because we compiled the update rather than using system package manager so that there is ssh still missing update?

    Thanks.

  4. Madhu says:

    Although if you compile and install 7.9 successfully, this will not replace the existing sshd bin file (you can check with ssh -v localhost) , don’t know what’s the reason, but i had to rsync the compiled bin file to the existing sshd.

    OS: Ubuntu 18.04 LTS

    See the difference

    [email protected]:/home/it# /usr/local/sbin/sshd -V
    unknown option -- V
    OpenSSH_7.9p1, OpenSSL 1.1.0g  2 Nov 2017
    usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
                [-E log_file] [-f config_file] [-g login_grace_time]
                [-h host_key_file] [-o option] [-p port] [-u len]
    
    [email protected]:/home/it# /usr/sbin/sshd -V
    unknown option -- V
    OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
    usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
                [-E log_file] [-f config_file] [-g login_grace_time]
                [-h host_key_file] [-o option] [-p port] [-u len]
    

    I did rsync with below command (note: backup sshd bin file before you replace)

    # rsync -avP /usr/local/sbin/sshd /usr/sbin/sshd
    

    and then when i connect to ssh with debug (-v) it shows correct 7.9 version!.

    Just a doubt: is this way correct or anything more should be done?.

  5. Miro says:

    On Ubuntu 18.04 when enabling selinux and PAM throws errors :

    configure: error: SELinux support requires selinux.h header
    configure: error: PAM headers not found

    Needs this additionally installed:

    # apt install libselinux1-dev libpam0g-dev
    
  6. atomick says:

    one other caveat on linux there appears to be no prngd generator there is no info as to using replacement on Linux when working this type of additional number and cipher picks. Nice to see many methods and info towards this. It is hard finding a syntax example that works correctly.

    • atomick says:

      Aarons awesome.

      This method does work great Now testing 2nd fresh install on Mint 19.1 Mate. A pre-install of latest tarball zlib and openssl-1-1-1a, plain out tar .configure then follow these steps – worked 2nd time assembling the steps into a script (I can fire it up if wish) to stream Line this openssh-7.9p1 update. (PRNGD or EGD be nice for Linux).

      I’m simply brain crammed as to why distro crews do not keep zlib openssl and openssh always to their latest. This represents our security and integrity using these OS distros and saying its a Debian stable etc is just plain weak for older levels.

      Other just as cool distros keep their Updates ie: Latest for the important integrity of their works. Please get the message. Just a few more pkg adjustments and you can keep us all more happy users with your work. Cheers

  7. atomick says:

    I did manage to compile openssh-7.9p1 along with openssl and zlib. also without SElinux option or –sysconfdir=/etc/ssh – that didn’t seen to matter for the compile step – most likely I’m missing parts for correct compiling tools and library resource be my only thought to still seeing misses on the final ending.

    Work in progress – resorting to a Virtual Guest to attempt better learning steps. working to order logic zlib 1st openssl 2nd and openssh 3rd to raw compile. – BIG on my List to Wana Know is make clean and or “Re- runs to recompile and know I can remove my previous attempt to compile files and Start again. So when finally click with the right commandline and resources the end result will not be bloated scrap files around my system. ?

  8. atomick says:

    possibly only caveat I may ask of – is For what Starting Directory should this Process be started from – if existing ssh version is already installed – i.e: in one form where should could the openssh*.tar.gz “tarball” go to work this – ~/username/temp dir or /tmp system directory and apt-get Newest Version of openssh and have it be downloaded and gunzip’d there ?

  9. Adrian says:

    I had errors installing it, and had to remove “–with-selinux”

Leave a Reply to Sam Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.