Our vulnerability reports show that our Macs are running OpenSSH 7.9 and need to be updated to 8.1. The OS is Mojave. This doesn't seem to be as straight forward as on A PC. Any ideas on how this is done?
$ brew install openssh -with-brewed-openssl -with-keychain-support. Like the caveat notes when brew finishes, you need to update the launchd plist for ssh-agent to use the new Homebrew binary. By replacing /usr/bin/ssh-agent with /usr/local/bin/ssh-agent $ launchctl stop org.openbsd.ssh-agent. In this article, I will show you how to install, customize and optimize SSH server on Arch Linux. Let’s get started. Installing SSH Server on Arch Linux. The name of the program that provides SSH server on Arch Linux is called OpenSSH Server. It is available in the official package repository of Arch Linux.
First thing to note is that ssh is not enabled by default on any install of OS X (excluding server, which is a now-dead version, as a separate build and customizations of OS X).
Upgrading is easy, use MacPorts (many will without question suggest homebrew, I prefer and recommend MacPorts based on historical - personal - experience).
https://ports.macports.org/port/openssh/summary
One would have to modify
/System/Library/LaunchDaemons/ssh.plist
to use said upgraded ssh (which will get installed via MacPorts - by default - to /opt/local ), which is no small task especially for Mojave, in which /System is protected by SIP.No-one with a meaningful knowledge of security and macOS (Mac OS X) will recommend disabling SIP. One might be able to do so temporarily, but that's another hill to climb/problem to solve.
Technically, you could leave the default installed openssh alone, but that will still get used when using the macOS GUI (System Preferences > Sharing) to enable ssh ('Remote Login'), unless you managed to edit the above-named plist to point to your updated version.
Install Ssh On Mac Terminal
I'm trying to build and install the latest openssl and openssh on
Tiger. I've trawled the archive and couldn't find anything that quite
matched my issue...
I installed openssl with './config --prefix=/usr/local
--openssldir=/usr/local/openssl' as was recommended somewhere else.
This appeared to work fine and make, make test and make install
reported no issues and appeared to install:
- libcrypto.a & libssl.a in /usr/local/lib
- include files in /usr/local/include/openssl
- sundries in /usr/local/openssl
Trying to run OpenSSH's config './configure --prefix=/usr/local
--with-ssl-dir=/usr/local/openssl' fails with 'Your OpenSSL headers do
not match your library'.
Another site recommended compiling the 'shared' libraries. I did this
with './config shared --prefix=/usr/local
--openssldir=/usr/local/openssl'. However make install fails because
the libs have a .dylib extension not .so. I manually copied these to
/usr/local/lib.
OpenSSH still gets the same error.
Any ideas on how to fix this? Thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]