Hi, folks, I've got an older server which can't be upgraded to a current OS for $REASONS on which I need to update some or all of the openssh programs and utilities, specifically sftp. My thought is to either install it in /usr/local (or /usr/local/openssh) and have folks alter their paths, or build it there and use symlinks (probably the better choice) into /usr/bin. I'm tempted, though, to just move /usr/bin/sftp and install that and only that, if possible. Is it? Thanks, John A -- John Adams Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.
On Wed, 5 Dec 2018 at 08:40, John Adams <jxadams at ualr.edu> wrote:> Hi, folks, > > I've got an older server which can't be upgraded to a current OS for > $REASONS on which I need to update some or all of the openssh programs and > utilities, specifically sftp. > > My thought is to either install it in /usr/local (or > /usr/local/openssh) and have folks alter their paths, or build it there and > use symlinks (probably the better choice) into /usr/bin. >That should work; configurre's paths default to /usr/local and it should happily co-exist with older binaries in the system paths.> I'm tempted, though, to just move /usr/bin/sftp and install that and > only that, if possible. Is it? >Maybe, it depends on how old the system ssh is. sftp invokes ssh to make the connection and it is somewhat dependent on what arguments ssh(1) supports. sftp has the path to ssh hardcoded into it (_PATH_SSH_PROGRAM, which is set by configure) so you'd have to point that to your existing ssh binary, but if you do that and it can make a connection then it'll probably work fine. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Tue, Dec 4, 2018 at 4:39 PM John Adams <jxadams at ualr.edu> wrote:> > Hi, folks, > > I've got an older server which can't be upgraded to a current OS for > $REASONS on which I need to update some or all of the openssh programs and > utilities, specifically sftp. > > My thought is to either install it in /usr/local (or > /usr/local/openssh) and have folks alter their paths, or build it there and > use symlinks (probably the better choice) into /usr/bin.If you don't want to break your existing OpenSSH, put it in /usr/local/openssh-version/. Don't put the binaries in /usr/local/bin/ or the libraries in /usr/local/lib/, you'll wind up with conflicts with the default version. What is the OS you're working with? Some operating systems have alternative, packaged versions of OpenSSH available.> I'm tempted, though, to just move /usr/bin/sftp and install that and > only that, if possible. Is it? > > Thanks, > > John A > > -- > John Adams > Linux/Middleware Administrator | Information Technology Services > +1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices > *UA Little Rock* > > Reminder: IT Services will never ask for your password over the phone or > in an email. Always be suspicious of requests for personal information that > come via email, even from known contacts. For more information or to > report suspicious email, visit IT Security > <http://ualr.edu/itservices/security/>. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Thanks to all y'all for the help and advice. I ended up installing into /usr/local/openssh (I wish I'd thought to make it openssl-version, as suggested) and symlinking just sftp into /usr/bin. I think all is good now. On Tue, Dec 4, 2018 at 3:38 PM John Adams <jxadams at ualr.edu> wrote:> Hi, folks, > > I've got an older server which can't be upgraded to a current OS for > $REASONS on which I need to update some or all of the openssh programs and > utilities, specifically sftp. > > My thought is to either install it in /usr/local (or > /usr/local/openssh) and have folks alter their paths, or build it there and > use symlinks (probably the better choice) into /usr/bin. > > I'm tempted, though, to just move /usr/bin/sftp and install that and > only that, if possible. Is it? > > Thanks, > > John A > > -- > John Adams > Linux/Middleware Administrator | Information Technology Services > +1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices > *UA Little Rock* > > Reminder: IT Services will never ask for your password over the phone or > in an email. Always be suspicious of requests for personal information that > come via email, even from known contacts. For more information or to > report suspicious email, visit IT Security > <http://ualr.edu/itservices/security/>. >-- John Adams Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.
On Wed, Dec 5, 2018 at 12:28 PM John Adams <jxadams at ualr.edu> wrote:> > Thanks to all y'all for the help and advice. I ended up installing into > /usr/local/openssh (I wish I'd thought to make it openssl-version, as > suggested) and symlinking just sftp into /usr/bin. I think all is good now.If you ever decide you want to keep multiple versions around and symlink in the active one, there is an old, old tool called "encap" that not only does that well, it links in man pages consistently and clears links from other versions of the same software package. It was incredibly many moons ago when I first ran multiple versions of openssh on the same machine. The last time I used it, I grabbed it from https://www.ks.uiuc.edu/Development/Computers/docs/sysadmin/Build/encap.html .
Apparently Analagous Threads
- SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
- Ten second intermittent delay on login
- SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
- Ten second intermittent delay on login
- Ten second intermittent delay on login