Operating System & Version
CentOS v7.9.2009 vmware
cPanel & WHM Version
v100.0.5
May 4, 2020
2
0
1
Manchester
cPanel Access Level
Root Administrator
After open test instructions miskenly updated openssh to 8.8 following instructions on the intenet using this package and yum update

wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

wget https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz

Initially the upgrade worked

Then spoke to my service provider ukfast they said should not upgrade but only use fixed IP's.

Then the next pen test came up with loads of new security flaws so I tired to reverse what I had done.

Please could some one tell me concise instructions on how to install the defaults tries to use yum to untinistall and reinstall open ssl and opn ssh but they must be a config file pointing to new openssh-8.8p1 that I cannot find.

Please help my service provider will not help with this matter.

In this package there is a openssh-8.8p1/configure file.

Ideally I would completely remove openssh and start again with cpanel defaults

Thnak you Stephanie
 
May 4, 2020
2
0
1
Manchester
cPanel Access Level
Root Administrator
Here are the exaxt lime I ran:

wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
tar -xzf openssh-8.8p1.tar.gz
cd openssh-8.8p1/
yum install pam-devel libselinux-devel
./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
make
make install
cd ~
mv /usr/bin/openssl /usr/bin/openssl_old
wget https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz
tar xzvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
./config shared && make && make install
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/
yum install zlib-devel openssl-devel pam-devel -y
mkdir /etc/ssh_old
mv /etc/ssh/* /etc/ssh_old/
cd openssh-8.8p1/
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-pam --with-md5-password --with-ssl-engine --with-selinux
make && make install
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
/etc/init.d/sshd restart
systemctl daemon-reload
/etc/init.d/sshd restart

Some how I have borken all of cpanel now
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,031
99
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! Due to the nature of the unsupported installation and removal of SSH 8.8, you might want to create a fresh server and migrate the domains. If cPanel is broken on the server, you should be able to ask your web hosting provider to open a support ticket with cPanel. There's a very good chance we would need to recommend re-imaging, a new server, or seeking a systems administrator. However, we would definitely be able to offer input and get you pointed in the right direction.

If your web hosting provider opens a cPanel ticket, please ask them for the ticket ID and then provide it for us in this thread so I can keep you updated.