How to Install OpenSSL-3.3.0 and OpenSSH-9.7p1 on Ubuntu LTS 24 Server
CAUTION DON'T DO IT DIRECTLY ON LIVE PRODUCTION SERVER
When managing a server, security is paramount, and two critical tools for maintaining secure communication are OpenSSL and OpenSSH. OpenSSL provides essential cryptographic functions, while OpenSSH offers secure remote login capabilities. This guide will walk you through the installation of OpenSSL-3.3.0 and OpenSSH-9.7p1 on an Ubuntu LTS 24 server.
Installing OpenSSL-3.3.0
OpenSSL is a robust toolkit that provides essential cryptographic functions for securing communications. Here's how to install it on your Ubuntu server:
Step 1: Download OpenSSL
First, download the OpenSSL source package:
wget https://www.openssl.org/source/openssl-3.3.0.tar.gz
tar -xvzf openssl-3.3.0.tar.gz
cd openssl-3.3.0
Step 2: Configure OpenSSL
Next, configure the build environment:
./config --prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib \
shared \
zlib-dynamic
Step 3: Compile OpenSSL
Compile the package:
make
Step 4: Test OpenSSL
Testing the build is important to ensure everything is working correctly. Note that one test (30-test_afalg.t) might fail under certain conditions and can be ignored if it does:
HARNESS_JOBS=$(nproc) make test
Step 5: Install OpenSSL
Install OpenSSL and move the documentation to a versioned directory:
sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
make MANSUFFIX=ssl install
mv -v /usr/share/doc/openssl /usr/share/doc/openssl-3.3.0
cp -vfr doc/* /usr/share/doc/openssl-3.3.0
Installing OpenSSH-9.7p1
OpenSSH is essential for secure remote login. Here's how to install it on your Ubuntu server:
Step 1: Download OpenSSH
Download the OpenSSH source package:
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
tar -xvzf openssh-9.7p1.tar.gz
cd openssh-9.7p1
Step 2: Prepare the Environment
Prepare the environment for OpenSSH:
install -v -g sys -m700 -d /var/lib/sshd
groupadd -g 50 sshd
useradd -c 'sshd PrivSep' \
-d /var/lib/sshd \
-g sshd \
-s /bin/false \
-u 50 sshd
Step 3: Configure OpenSSH
Configure the build environment:
./configure --prefix=/usr \
--sysconfdir=/etc/ssh \
--with-privsep-path=/var/lib/sshd \
--with-default-path=/usr/bin \
--with-superuser-path=/usr/sbin:/usr/bin \
--with-pid-dir=/run
Step 4: Compile OpenSSH
Compile the package:
make
Step 5: Test OpenSSH
You can test the build with:
make -j1 tests
Step 6: Install OpenSSH
Install OpenSSH and its associated files:
make install
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-9.7p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-9.7p1
Step 7: Configure OpenSSH
Edit the /etc/ssh/sshd_config to enhance security. For example, disable root login via SSH:
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
To enable passwordless login, generate and distribute SSH keys:
ssh-keygen
ssh-copy-id -i ~/.ssh/id_ed25519.pub REMOTE_USERNAME@REMOTE_HOSTNAME
You can further secure SSH by disabling password authentication:
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "KbdInteractiveAuthentication no" >> /etc/ssh/sshd_config
Step 8: Enable PAM (Optional)
If using PAM, configure it as follows:
sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd
chmod 644 /etc/pam.d/sshd
echo "UsePAM yes" >> /etc/ssh/sshd_config
Step 9: Start SSH Service
Ensure that the SSH service starts on boot:
systemctl enable sshd
systemctl start sshd
Conclusion
By following these steps, you will have installed and configured OpenSSL-3.3.0 and OpenSSH-9.7p1 on your Ubuntu LTS 24 server, enhancing its security for encrypted communications. Regularly update these tools to keep your system secure.