Please help ssh updated ssh to 8.8

[Stephaniefrankdesign]

After open test instructions miskenly updated openssh to 8.8 following instructions on the intenet using this package and yum update

wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

wget https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz

Initially the upgrade worked

Then spoke to my service provider ukfast they said should not upgrade but only use fixed IP's.

Then the next pen test came up with loads of new security flaws so I tired to reverse what I had done.

Please could some one tell me concise instructions on how to install the defaults tries to use yum to untinistall and reinstall open ssl and opn ssh but they must be a config file pointing to new openssh-8.8p1 that I cannot find.

Please help my service provider will not help with this matter.

In this package there is a openssh-8.8p1/configure file.

Ideally I would completely remove openssh and start again with cpanel defaults

Thnak you Stephanie

 

[Stephaniefrankdesign]

Here are the exaxt lime I ran:

wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
tar -xzf openssh-8.8p1.tar.gz
cd openssh-8.8p1/
yum install pam-devel libselinux-devel
./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
make
make install
cd ~
mv /usr/bin/openssl /usr/bin/openssl_old
wget https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz
tar xzvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
./config shared && make && make install
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/
yum install zlib-devel openssl-devel pam-devel -y
mkdir /etc/ssh_old
mv /etc/ssh/* /etc/ssh_old/
cd openssh-8.8p1/
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-pam --with-md5-password --with-ssl-engine --with-selinux
make && make install
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
/etc/init.d/sshd restart
systemctl daemon-reload
/etc/init.d/sshd restart

Some how I have borken all of cpanel now

 

[cPanelAnthony]

Hello! Due to the nature of the unsupported installation and removal of SSH 8.8, you might want to create a fresh server and migrate the domains. If cPanel is broken on the server, you should be able to ask your web hosting provider to open a support ticket with cPanel. There's a very good chance we would need to recommend re-imaging, a new server, or seeking a systems administrator. However, we would definitely be able to offer input and get you pointed in the right direction.

If your web hosting provider opens a cPanel ticket, please ask them for the ticket ID and then provide it for us in this thread so I can keep you updated.

 

[Stephaniefrankdesign]

Open ssh 8.8 is working well for a few months using the instruction above I am not sure what will happen after cpanel release actual upgrade. Cannot rember how I fixed