How to upgrade SSH/SSL on AIX servers?

System_Admin_77 · May 5, 2014, 3:24pm

Hello,

Can you please give some info on how to upgrade the SSH/SSL on AIX LPARs?

we've the below version on our servers.

[root@mylpar]/>lslpp -l | grep -i ssh
  openssh.base.client     5.8.0.6102  COMMITTED  Open Secure Shell Commands
  openssh.base.server     5.8.0.6102  COMMITTED  Open Secure Shell Server
  openssh.license         5.8.0.6102  COMMITTED  Open Secure Shell License
  openssh.man.en_US       5.8.0.6102  COMMITTED  Open Secure Shell
  openssh.msg.en_US       5.8.0.6102  COMMITTED  Open Secure Shell Messages -
  openssh.base.client     5.8.0.6102  COMMITTED  Open Secure Shell Commands
  openssh.base.server     5.8.0.6102  COMMITTED  Open Secure Shell Server
 
[root@mylpar]/>lslpp -l | grep ssl
  openssl.base            0.9.8.1800  COMMITTED  Open Secure Socket Layer
  openssl.man.en_US       0.9.8.1800  COMMITTED  Open Secure Socket Layer
  openssl.base            0.9.8.1800  COMMITTED  Open Secure Socket Layer

[root@mylpar]/>ssh -V
OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011

Will it be updated, If i upgrade the TL to the latest version. and Can you please suggest where to download these packages related to AIX. Please advise.

Any idea is appreciated.

Thank you.

---------- Post updated at 03:24 PM ---------- Previous update was at 10:49 AM ----------

Just an update to my post/thread. It might be useful for others.

I found below steps online/blog; please correct it if needed.

Steps below to remove current version of openssh and install the new version ( make sure connected through telnet or on console):

Make a copy current /etc/ssh directory
# cp -r /etc/ssh /etc/ssh.backup
Remove current version of openssh
# installp -u openssh.*
Remove all existing versions of openssl using smitty(installp as above)or even rpm

# rpm -qa | grep -i ssl 
# rpm -e <openssl label>

OR

# installp -u openssl*

Download latest version of openssl and openssh

Please download and install latest OpenSSL

The latest OpenSSH

Install openssl and openssh
Both openssl and openssh are installp images.

Use smitty to install openssl first and then openssh.

Here are the detailed installation instructions:

a) Inside the directory where the installp images reside, run 'inutoc' to create table of content file
# inutoc .

b) Use this fast path to access smitty install menu:

# smitty install_selectable_all 

- Enter the directory where the files reside and hit Return key 
- At the next screen, you are prompted for "software to install" 
-- Hit F4 key to display a list of files to install 
-- Select all relevant files and hit Return key 
-- Change "accept new license agreement" from no to yes 
-- Continue with install

After a successful installation of openssh, the sshd daemon will be active and you will have a working ssh server.

And i found the IBM link for downloading latest ssh/ssl filesets
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Please mark it as SOLVED, in case if the above procedure is correct.

thank you.

spacebar · May 5, 2014, 3:39pm

Check out this info:
Get the latest version of OpenSSH for AIX
Updating openssl and openssh | linuxpassion2