Skip to content

Instantly share code, notes, and snippets.

@jmenbo

jmenbo/upgrade_openssh_on_os_10.9.x.md

Last active March 8, 2024 19:46
Show Gist options
  • Star 13 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save jmenbo/c8d0e5ca4c9b539fcafa to your computer and use it in GitHub Desktop.
Save jmenbo/c8d0e5ca4c9b539fcafa to your computer and use it in GitHub Desktop.
Download ZIP
Manually upgrade OpenSSH on OS 10.9.x
Raw
upgrade_openssh_on_os_10.9.x.md

Manually upgrade OpenSSH on OS 10.9.x

NOTE: Installation and testing was done on a clean Mavericks (OS 10.9) installation

Install Brew:

Install Homebrew prereqs:

xcode-select --install

Install Homebrew

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Enable Brew to override OSX system binaries

brew tap homebrew/dupes

Upgrade OpenSSL which is required for OpenSSH

brew install openssl

Upgrade OpenSSH

brew install openssh --with-brewed-openssl --with-keychain-support

Change default ssh-agent used by system

Make a backup of original plist file:

sudo cp /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist Desktop/

Edit the plist file:

sudo vim /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist

Replace the following two lines:

<string>/usr/bin/ssh-agent</string>
        <string>-l</string>

With this:

<string>/usr/local/bin/ssh-agent</string>
        <string>-D</string>
NOTE the dash before the D -D

Update the system to see the changes to the plist file:

launchctl unload /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist 
launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist 
launchctl start org.openbsd.ssh-agent
launchctl list | grep org.openbsd.ssh

Replace the ssh system binary with a symlink to the new Brew'ed ssh binary

Backup the original binary:

sudo mv /usr/bin/ssh Desktop/

Create the symlink:

sudo ln -s /usr/local/bin/ssh /usr/bin/ssh

Add the following snipped to all users .bash_profile file

eval $(ssh-agent)
    function cleanup {
        echo \"Killing SSH-Agent\"
        kill -9 $SSH_AGENT_PID
    }
trap cleanup EXIT

Reboot the system:

sudo shutdown -r now

Check that system is using the new SSH version

ssh -V

Remove homebrew dupes

brew untap homebrew/dupes

REFERENCES:

http://brew.sh/

https://github.com/Homebrew/homebrew/blob/master/share/doc/homebrew/Installation.md

https://mochtu.de/2015/01/07/updating-openssh-on-mac-os-x-10-10-yosemite/

https://coderwall.com/p/qdwcpg/using-the-latest-ssh-from-homebrew-on-osx

http://www.dctrwatson.com/2013/07/how-to-update-openssh-on-mac-os-x/

http://blog.macromates.com/2006/keychain-access-from-shell/

http://www.lifeofguenter.de/2015/01/compile-openssh-67-with-libressl-on-osx.html

https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/security.1.html

https://github.com/torsten/keychain_access

@timka
Copy link

timka commented Mar 2, 2017

Keychain is not supported anymore https://github.com/Homebrew/homebrew-dupes/pull/482#issuecomment-118994372

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment