Public

WeChat Login

Code Issues Pull requests Events Packages Insights

master

Branch

Tag

boypt<1033514+boypt@users.noreply.github.com>

sid: 10.2p1-3

e8e18827

170 commits

.github
builddep
output
.gitignore
README.md
compile.sh
install_deps.sh
lazy_install.sh
pullsrc.sh
version.env

Backport OpenSSH for Debian / Ubuntu distros.

A script to build openssh deb backport to older distros, using Debian sid sources

Similar Project: Backport OpenSSH RPM for CentOS

Current Version:

Package version are defined in version.env file.

Current version: (follows debian/sid automatically)

OpenSSH 10.2p1-3
OpenSSL 3.0.18

Supported (tested) Distro:

Ubuntu 24.04/22.04/20.04
Debian 13/trixie 12/bookworm 11/bullseye
UnionTech OS Desktop 20 Home (Debian GLIBC 2.28.21-1+deepin-1)
Kylin V10 SP1 (Ubuntu GLIBC 2.31-0kylin9.2k0.1)

Lazy Install

Github Action builds common distro DEBs.

If your server OS is in the supported list, you can download and install them in the server.

Release supported OSs

Debian bullseye(11) / bookworm(12) / trixie(13) - amd64/arm64
Ubuntu focal(20.04) / jammy(22.04) / noble(24.04) - amd64/arm64


sudo bash -c "$(curl -L https://github.com/boypt/openssh-deb/raw/master/lazy_install.sh)"

Or when the host needs a github proxy to access:


sudo bash -c "$(curl -L https://gh-proxy.com/github.com/boypt/openssh-deb/raw/master/lazy_install.sh)" @ gh-proxy.com

Direct Build


# Install Dependencies
./install_deps.sh

# pull source
./pullsrc.sh

# direct build
./compile.sh

Docker Build

Build without installing a bunch of dev packages, and build for different versions of distros.


# pull source from debian sid
./pullsrc.sh

# run with a docker image that fits your target system.
docker run --rm -v "$(pwd):/work" -w /work ubuntu:20.04 bash -c "./install_deps.sh && ./compile.sh"

# clean up docker image
docker builder prune

Using a APT mirror or proxy inside docker

using -e to set environment variables inside docker.


    docker run --rm -v "$(pwd):/work" -w /work \
        -e APT_MIRROR=mirrors.ustc.edu.cn \
        -e http_proxy=http://x.x.x.x \
        -e https_proxy=http://x.x.x.x \
        ubuntu:20.04 bash -c "./install_deps.sh && ./compile.sh"

Install DEBs

Generated DEBs are right under the output directory. (both direct build and docker build).


ls -l output/*.deb
sudo apt install -y output/*.deb

NOTES

Restore distro default version


sudo apt update
V=$(apt-cache madison ssh | awk 'NR==1 {print $3}')
sudo apt install --allow-downgrades -y \
    ssh=$V openssh-client=$V openssh-server=$V openssh-sftp-server=$V

Known issues

sshd-session issue

If installing backported openssh 9.8+ on older distros, some other programs may face problems while interacting with the openssh service. Since openssh-9.8, the subprocess name have changed from sshd to sshd-session.

Known programs with issue:

fail2ban
sshguard

Make sure to upgrade or reconfigure them to meet the latest changes.

fail2ban

change in filter.d/sshd.conf:


_daemon = sshd

into


_daemon = sshd(?:-session)?

Distro Issues

Extra steps are needed to install on some distros.

UnionTech OS Desktop 20 Home (Debian GLIBC 2.28.21-1+deepin-1)

Exclude libfido2-dev from the build Dependencies intall command, it's not available.
Install following packages from debian/bullseye.
- bullseye/dwz
- bullseye/dh-runit

Kylin V10 SP1 (Ubuntu GLIBC 2.31-0kylin9.2k0.1)

Run ./compile.sh from the desktop Terminal(mate-terminal).

During install the builddep/*.deb, a kysec_auth dialog would pop up asking for installing permissions. Manual click on the permit button is needed.

If running in a ssh session, the compile script would fail without permissions.