I have a server Ubuntu 14.04 which initially had OpenSSH 6.6 and OpenSSL 1.0.1f installed, and with these commands, i updated openSSH:

sudo apt install -y build-essential libssl-dev zlib1g-dev
wget "https://mirror.edgecast.com/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz"
tar xfz openssh-7.4p1.tar.gz
cd openssh-7.4p1
./configure
make
sudo make install && sudo service ssh restart && ssh -V

After that, i have an output of:

OpenSSH_7.4p1, OpenSSL 1.0.1f

The thing is that i have updated openSSL separately after that, with these commands:

sudo wget "https://www.openssl.org/source/openssl-1.0.2n.tar.gz"
tar xfz openssl-1.0.2n.tar.gz
cd openssl-1.0.2n/
./config
make
sudo make install

After that, i run: openssl version and i get:

OpenSSL 1.0.2n

but ssh -V shows:

OpenSSH_7.4p1, OpenSSL 1.0.1f

Is there a way of having ssh -V returning OpenSSH_7.4p1, OpenSSL 1.0.2n?

Thanks in advance!

CodePudding user response：

As per OpenSSH INSTALL instructions: LibreSSL/OpenSSL should be compiled as a position-independent library (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.

Update your OpenSSL ./config command to include -fPIC no-shared:

sudo wget "https://www.openssl.org/source/openssl-1.0.2n.tar.gz"
tar xfz openssl-1.0.2n.tar.gz
cd openssl-1.0.2n/
./config -fPIC no-shared
make
sudo make install

You may have to run "make clean && make dclean" before recompiling and installing OpenSSL

CodePudding user response：

System need to know where the new version of openssl is, try :

cd openssl-1.0.2n/
./config --prefix=/usr/local --openssldir=/usr/local/openssl shared
make clean && make && make install
openssl version
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v

export LD_LIBRARY_PATH=/usr/local/lib

Then cd into openssh directory, clean and rebuild.