After my post a few months back on compiling a new version of OpenSSL on NetBSD, it occurred to me I don’t always configure the SSH daemon correctly on my test lab boxes. Even though I always install the latest version, I sometimes forget to ensure this is the version that starts on boot.
Even though sshd doesn’t have a switch for displaying the version, using the following will show you which is installed:
Despite upgrading to version 7.1, sshd is reporting as version 5.0. This is because the version that comes part of the core packages is being found first. Rather than delete those binaries (bad) or mess around with the path (worse), create /etc/rc.conf.d/sshd and add the following:
command=/usr/pkg/sbin/sshd sshd_flags="-f /etc/ssh/sshd_config" sshd=YES
Restart sshd using:
From a remote machine verify you are connecting to the correct version:
ssh -v yourhost
In the following instance you can see that the client version of SSH is 6.2 (Mac OS X 10.10) and the host’s sshd is version 7.1: