BestHub
search
Sign in
Information Security 4 min read

Step‑by‑Step Upgrade of Ubuntu 16 to OpenSSH 8.8 with OpenSSL and zlib

This guide provides step‑by‑step shell commands to upgrade Ubuntu 16’s OpenSSH to version 8.8, including installing required packages, compiling OpenSSL, zlib, and OpenSSH from source, and updating configuration files to enhance system security on the server.

Practical DevOps Architecture
Practical DevOps Architecture
Practical DevOps Architecture
Step‑by‑Step Upgrade of Ubuntu 16 to OpenSSH 8.8 with OpenSSL and zlib

This article presents a complete shell script for upgrading Ubuntu 16’s OpenSSH service to version 8.8, a process often performed to harden system security by updating SSH, SCP, and SFTP components.

First, it sets the working directory and installs the necessary build dependencies:

cmd=$(cd `dirname $0`;pwd)
for i in libzip-dev libssl-dev autoconf gcc g++ libxml2 make sysv-rc-conf vim
do
    apt install $i -y
done

It then extracts the source tarballs for OpenSSH, OpenSSL, and zlib:

for ii in openssh-8.8p1.tar.gz openssl-1.1.1l.tar.gz zlib-1.2.11.tar.gz
do
    tar zxf $ii -C $cmd
done

update_openssl() recompiles OpenSSL, replaces the old binaries, and updates the library links:

update_openssl(){
    mv /usr/bin/openssl /usr/bin/openssl.old
    mv /usr/include/openssl /usr/include/openssl.old
    apt purge openssl
    cd $cmd/openssl-1.1.1l && ./config --prefix=/usr/local --openssldir=/usr/local/openssl
    make && make install
    ln -s /usr/local/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
    ln -s /usr/local/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
    sed -i '1 a /usr/local' /etc/ld.so.conf.d/libc.conf
    ldconfig
}

update_zlib() builds and installs zlib from source:

update_zlib(){
    cd $cmd/zlib-1.2.11 && ./configure --prefix=/usr/local/zlib
    make && make install
}

update_openssh() backs up existing SSH configuration, stops the SSH service, removes the old package, configures the new source with required options, and installs it:

update_openssh(){
    cp /etc/ssh/ssh_config /etc/ssh/ssh_config_bak
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
    service sshd stop
    apt purge ssh
    cd $cmd/openssh-8.8p1 && ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local --with-privsep-path=/var/lib/sshd
    make && make install
}

update_config() restores the configuration files, moves the old SSH binaries, creates symbolic links to the new binaries, sets proper permissions, and restarts the SSH daemon:

update_config(){
    yes|cp $cmd/sshd_config /etc/ssh/
    cd /usr/bin/ && mv ssh* sftp scp /tmp/
    ln -s /usr/local/bin/* /usr/bin/
    chmod 600 /etc/ssh/*
    systemctl daemon-reload
    systemctl start sshd
    sysv-rc-conf sshd
    sysv-rc-conf sshd on
    sysv-rc-conf --list sshd
    systemctl restart sshd
}

Finally, the script invokes the three update functions in order to complete the upgrade:

update_openssl
update_zlib
update_openssh
linuxsecurityupgradeshell scriptUbuntuOpenSSH
Practical DevOps Architecture
Written by

Practical DevOps Architecture

Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment