SoFunction
Updated on 2025-04-11

OpenSSL and OpenSSH upgrade process in a Linux environment

Linux systems often need OpenSSL and OpenSSH upgraded because of vulnerabilities in them.

This article uses Ubuntu 22.04 as the example for upgrading OpenSSL and OpenSSH.

1. Upgrade openssl

1. Download the latest version of openssl on the official website

wget /source/openssl-3.0.

If the download fails for network reasons, you can go to the official website directly and download the latest version:

/source/

root@localhost:~# wget /source/openssl-3.0.
--2024-07-19 07:31:28--  /source/openssl-3.0.
Resolving  ()... 34.36.58.177, 2600:1901:0:1812::
Connecting to  ()|34.36.58.177|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: :443/openssl/openssl/releases/download/openssl-3.0.15/openssl-3.0. [following]
--2024-07-19 07:31:29--  /github-production-release-asset-2e65be/7634677/6ac36897-7f0a-4dc5-8d1c-3d8b0eab4f5d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240719%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240719T073129Z&X-Amz-Expires=300&X-Amz-Signature=658f52e12bd883cbda4f7abcbac2508a5642bccc70baf8d159b4e39a31623702&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=7634677&response-content-disposition=attachment%3B%20filename%3Dopenssl-3.0.&response-content-type=application%2Foctet-stream
Resolving  ()... 185.199.111.133, 185.199.108.133, 185.199.109.133
Connecting to  ()|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15305497 (15M) [application/octet-stream]
Saving to: ‘openssl-3.0.'

openssl-3.0.                  100%[===========================================================================>]  14.60M  81.0KB/s    in 4m 17s  

2024-07-19 07:35:48 (58.1 KB/s) - ‘openssl-3.0.' saved [15305497/15305497]

2. Install the compilation environment

apt-get install -y build-essential
root@localhost:/opt/openssl-3.0.15# apt-get install -y build-essential
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bzip2 cpp cpp-11 dpkg-dev fakeroot fontconfig-config fonts-dejavu-core g++ g++-11 gcc gcc-11 gcc-11-base libalgorithm-diff-perl
  libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan6 libatomic1 libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libdeflate0
  libdpkg-perl libfakeroot libfile-fcntllock-perl libfontconfig1 libgcc-11-dev libgd3 libgomp1 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblsan0
  libmpc3 libnsl-dev libquadmath0 libstdc++-11-dev libtiff5 libtirpc-dev libtsan0 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list make
  manpages-dev rpcsvc-proto
Suggested packages:
  bzip2-doc cpp-doc gcc-11-locales debian-keyring g++-multilib g++-11-multilib gcc-11-doc gcc-multilib autoconf automake libtool flex bison gdb gcc-doc
  gcc-11-multilib glibc-doc bzr libgd-tools libstdc++-11-doc make-doc

If the system is CentOS, execute

yum install perl-IPC-Cmd perl-Data-Dumper gcc gcc-c++ perl perl-devel -y

3. Unzip and install after downloading

tar -xf openssl-3.0. -C /opt/

Change to the source directory

cd /opt/openssl-3.0.15

Configure the build and set the openssl installation directory

./config --prefix=/usr/local/openssl
root@localhost:~# tar -xf openssl-3.0. -C /opt/
root@localhost:~# cd /opt/openssl-3.0.15/
root@localhost:/opt/openssl-3.0.15# ./config --prefix=/usr/local/openssl
Configuring OpenSSL version 3.0.15 for target linux-x86_64
Using os-specific seed configuration
Created 
Running 
Created 
Created Makefile
Created include/openssl/

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub </openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl  --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the  file first)      ***
***                                                                ***
**********************************************************************

Install

make && make install
root@localhost:/opt/openssl-3.0.15# make && make install
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/crypto/bn_conf. > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/crypto/dso_conf. > include/crypto/dso_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/openssl/ > include/openssl/
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/openssl/ > include/openssl/
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/openssl/ > include/openssl/
/usr/bin/perl "-I." -Mconfigdata "util/" "-oMakefile" include/openssl/ > include/openssl/

4. Back up and update openssl

Back up openssl

mv /usr/bin/openssl /usr/bin/openssl_bak

Copy openssl file to /usr/bin/

cp /usr/local/openssl/bin/openssl /usr/bin/

Add dynamic link library data

echo '/usr/local/openssl/lib64/' >> /etc/

Update dynamic link library

ldconfig
root@localhost:/opt/openssl-3.0.15# mv /usr/bin/openssl /usr/bin/openssl_bak
root@localhost:/opt/openssl-3.0.15# cp /usr/local/openssl/bin/openssl  /usr/bin/
root@localhost:/opt/openssl-3.0.15# echo "/usr/local/openssl/lib64/" >> /etc/
root@localhost:/opt/openssl-3.0.15# ldconfig

5. Verify

openssl version
root@localhost:/usr/local/openssl/lib64# openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)

If the following problem occurs

root@localhost:/opt/openssl-3.0.15# openssl version
openssl: /lib/x86_64-linux-gnu/.3: version `OPENSSL_3.0.9' not found (required by openssl)

Back up the existing .3 file, then copy lib64/.3 from the installation directory into the /lib/x86_64-linux-gnu/ directory

root@localhost:/opt/openssl-3.0.15# cd /usr/local/openssl/lib64/
root@localhost:/usr/local/openssl/lib64# ll
total 16636
drwxr-xr-x 5 root root    4096 Jul 19 07:49 ./
drwxr-xr-x 7 root root    4096 Jul 19 07:50 ../
drwxr-xr-x 2 root root    4096 Jul 19 07:49 engines-3/
-rw-r--r-- 1 root root 9541222 Jul 19 07:49 
lrwxrwxrwx 1 root root      14 Jul 19 07:49  -> .3*
-rwxr-xr-x 1 root root 5383824 Jul 19 07:49 .3*
-rw-r--r-- 1 root root 1268762 Jul 19 07:49 
lrwxrwxrwx 1 root root      11 Jul 19 07:49  -> .3*
-rwxr-xr-x 1 root root  813928 Jul 19 07:49 .3*
drwxr-xr-x 2 root root    4096 Jul 19 07:49 ossl-modules/
drwxr-xr-x 2 root root    4096 Jul 19 07:49 pkgconfig/

root@localhost:/usr/local/openssl/lib64# mv /lib/x86_64-linux-gnu/.3 /root/
root@localhost:/usr/local/openssl/lib64# cp .3 /lib/x86_64-linux-gnu/
root@localhost:/usr/local/openssl/lib64# openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)

2. Upgrade openssh

1. Download the latest version of openssh

wget /pub/OpenBSD/OpenSSH/portable/openssh-9.

If the download fails for network reasons, you can go to the site directly and download the latest version: /pub/OpenBSD/OpenSSH/portable

2. Install the related dependencies

apt-get install -y zlib1g-dev libpam0g-dev
root@localhost:~#  apt-get install -y  zlib1g-dev libpam0g-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libpam0g-dev zlib1g-dev
0 upgraded, 2 newly installed, 0 to remove and 67 not upgraded.
Need to get 281 kB of archives.
After this operation, 1,010 kB of additional disk space will be used.
Get:1 /ubuntu jammy-updates/main amd64 libpam0g-dev amd64 1.4.0-11ubuntu2.4 [117 kB]
Get:2 /ubuntu jammy-updates/main amd64 zlib1g-dev amd64 1:1.2.-2ubuntu9.2 [164 kB]
Fetched 281 kB in 2s (142 kB/s)

If the system is CentOS, execute

yum install zlib-devel pam-devel -y

3. Unzip and install

tar xf openssh-9. -C /opt/
cd /opt/openssh-9.9p1

Configure the installation directory

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --sysconfdir=/etc/ssh --with-pam --with-gssapi --with-rsa --with-rhosts-allowed --with-zlib --with-md5-passwords

Compile and install

make && make install

4. Check the version in the installation directory

/usr/local/openssh/bin/ssh -V
root@localhost:/usr/local/openssh# ./bin/ssh -V
OpenSSH_9.9p1, OpenSSL 3.0.15 3 Sep 2024

5. Backup and replace related files

mv /usr/sbin/sshd /usr/sbin/sshd_bak
mv /usr/bin/ssh /usr/bin/ssh_bak
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen_bak
cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
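
Step 4 of the OpenSSL section and step 5 here both replace a system binary with mv and cp and only show afterwards whether the result works; on a remote host a broken sshd surfaces at the next restart. The following is an added example, not code from the original article: `safe_swap` is a hypothetical helper that keeps the old binary, installs the new one, runs a check (`sshd -t` or `openssl version`) and restores the old binary if the check fails.

```shell
# Added example (not from the article). safe_swap is a hypothetical helper.
#
# safe_swap NEW_BINARY TARGET CHECK_ARGS...
#   0 = new binary installed and "TARGET CHECK_ARGS..." succeeded
#   1 = check failed, previous binary restored from TARGET_bak
#   2 = unusable input or copy error
safe_swap() {
    local new="$1" target="$2"
    shift 2
    [ -x "$new" ] && [ -e "$target" ] || return 2

    local backup="${target}_bak" tmp="${target}.new.$$"
    # cp -p keeps mode, owner and timestamps of the original.
    cp -p "$target" "$backup" || return 2

    # Copy next to the target, then rename over it, so the target path
    # always holds a complete file even if the copy is interrupted.
    if ! cp -p "$new" "$tmp" || ! mv -f "$tmp" "$target"; then
        rm -f "$tmp"
        return 2
    fi

    # Validate the installed binary before anything depends on it.
    if "$target" "$@" >/dev/null 2>&1; then
        return 0
    fi

    # Validation failed: restore the previous binary.
    cp -p "$backup" "$tmp" && mv -f "$tmp" "$target"
    return 1
}

# With the article's paths (as root):
#   safe_swap /usr/local/openssl/bin/openssl /usr/bin/openssl version
#   safe_swap /usr/local/openssh/sbin/sshd /usr/sbin/sshd -t && systemctl restart sshd
```

Keep the current SSH session open until a second login with the new sshd has succeeded.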

6. Restart the ssh service

systemctl restart sshd
root@localhost:/usr/local/openssh# systemctl restart  
root@localhost:/usr/local/openssh# ssh -V
OpenSSH_9.9p1, OpenSSL 3.0.15 3 Sep 2024

Check the status of the ssh service

systemctl status 

Check whether it reports that file permissions are too loose

Permissions 0640 for'/etc/ssh/*****.key' are too open.

Run chmod -R 600 /etc/ssh to fix the permissions, then restart the ssh service

systemctl restart sshd
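
`chmod -R 600 /etc/ssh` also changes the directories, public keys and config files under /etc/ssh, removing read access for non-root users, while the warning concerns only private keys. The following is an added example, not code from the original article: `tighten_private_keys` is a hypothetical helper that sets mode 600 only on files whose first line is a private-key header; GNU `stat` is assumed.

```shell
# Added example (not from the article). tighten_private_keys is a
# hypothetical helper; "stat -c" assumes GNU coreutils.
#
# tighten_private_keys DIR
#   Looks at regular files directly in DIR, picks those whose first line is
#   a private-key header, and sets mode 600 on any that grant group/other
#   access. Prints the path of each file it changed.
tighten_private_keys() {
    local dir="$1" f mode
    [ -d "$dir" ] || return 2
    for f in "$dir"/*; do
        # Skip directories and symlinks; only plain files are candidates.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Matches "-----BEGIN OPENSSH PRIVATE KEY-----" and PEM variants.
        head -n 1 "$f" 2>/dev/null \
            | grep -q '^-----BEGIN .*PRIVATE KEY-----' || continue
        mode=$(stat -c '%a' "$f")
        # "too open" means any group/other bit is set (mode & 077).
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            chmod 600 "$f" && printf '%s\n' "$f"
        fi
    done
}

# With the article's path (as root):
#   tighten_private_keys /etc/ssh && systemctl restart sshd
```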

Summary

The above is my personal experience. I hope it can serve as a reference, and I hope you will support me more.