Upgrading openssh to 6.5 on centOS 5 machine

Phil Pennock phil.pennock at globnix.org
Wed Mar 12 15:22:42 EST 2014


On 2014-03-11 at 18:41 -0700, Sachin Gupta wrote:
> Thanks lain for your help !!!
> 
> I have created and installed openssh 6.5 on my box.
> But my sshd exits with following message.
> 
> /etc/ssh/sshd_config: line 10: Bad configuration option: PermitPAMUserChange
> /etc/ssh/sshd_config: terminating, 1 bad configuration options.
> 
> Please help.

Audit your existing install to find out which patches had been applied.

If you connect to port 22 with a plain TCP connection (netcat, nc, or at
a pinch telnet[*]) then you should see a list of patches as part of the
connection banner.  Or invoke the existing sshd, with a full path and
the -d option and look at the first few lines of output.  Or do both,
and also use your package management tools (rpm) to look at changelog
details for the previously-installed software to see what might have
been added.

You probably want to examine the third-party patch available from:

  http://grid.ncsa.illinois.edu/ssh/

If you have enabled this option and have been running with a very old
sshd then you should also fix your site's operational processes to make
sure that you're getting vendor security notifications for software and
patches which you rely upon.  There was a security advisory last April:

  http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv

If you're not building an unmodified sshd (or working on getting a patch
you developed yourself incorporated) then you probably want to look
elsewhere for vendor support -- the volunteers here aren't really the
people to ask help deal with issues from third-party modifications.

-Phil

[*] pedants: yes, I know telnet is a protocol layered above TCP; still,
    the telnet client is the easiest and most readily and portably
    available and mostly works for people


More information about the openssh-unix-dev mailing list