VMware Cloud Community
Arindom03
Contributor
Contributor
‎01-23-2016 07:40 PM

Update OpenSSH version of ESXi host 5.5 3116895

Hi All,

Currently we have SSH version 5.6 p1 on ESXi hosts. As there are some vulnerabilities detected with that version of OpenSSH, we want to update the OpenSSH version from 5.6 p1 to 7.1. We have tried to install the new version from a .tar file, but without success. We have kept the tar file in one of the datastores, and extracted that on that datastore. However as per the instructions, when we are typing the "make" command, to install it, its saying "-ash: make: not found". Is there any other way to update OpenSSH version on ESXi 5.5 3116895?

0 Kudos
2 Replies
JarryG
Expert
Expert
‎01-24-2016 10:32 AM

ESXi is *NOT* fully functional OS. It has been stripped down to absolute minimum necessary for hypervisor, so it does not have "make", or libraries, compilers, linker, etc. You can not install new packages from sources, and compile it on ESXi.

You could install new/updated binaries, but you have to prepare binary somewhere else. And if you want to update built-in ssh, you have to prepare vib-package, which is not trivial task. Honestly, I recommend you first read something about it. But I think the best way to update ssh is to wait till there is new patch for ESXi, with updated version of ssh.

_____________________________________________ If you found my answer useful please do *not* mark it as "correct" or "helpful". It is hard to pretend being noob with all those points! 😉
0 Kudos
cyberfed2727
Enthusiast
Enthusiast
‎01-28-2016 01:56 PM

The common mistake people make is thinking that ESXi is a Linux Kernel or Linux OS. It's not. ESXi is its own Kernel that was written by VMware. It may borrow some linux like commands and folder structures but it does not behave like a full blown Linux kernel.

As someone else stated its not supported by VMware or even possible in most cases to update sections of ESXi manually unless VMware puts out a patch for it themselves. Most of us have struggled with security threats coming up on scans that say "update OpenSSH, or Apache" ect...but they are baked into the system and cannot be updated like true standalone applications. You risk the chance of creating a bigger unsupported mess. Stick to the official VMware releases. My opinion.

0 Kudos