openssh upgrading.

Nico Kadel-Garcia nkadel at gmail.com
Mon Nov 17 03:49:36 EST 2014


On Sun, Nov 16, 2014 at 10:47 AM, Chandra Kumara
<chandra.kumara at shipxpress.com> wrote:
> Hi Nico,
>
> I couldn't connect to the server remotely not only to root but also any secondary user.
>
> My issue was with "openssh-debuginfo" rpm. I used "yum remove openssh" and reinstall rpm build 6.2p2 version again (openssh, openssh-clients and openssh-server) except "openssh-debuginfo"

You mean that installing openssh-debuginfo broke it? And uninstalling
openssh-debuginfo fixed it?

> Then upgraded to 6.6p1 also and working fine.

Why are you continuing to use out of date releases? 6.7p1 is out and
in production use.

> This time i didn't use http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz to do rpm build, instead used,
>
> sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
> sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
> sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec

You could have just reset the 'define' statements to have value '1'

           %define no_gnome_askpass 1
           %define no_x11_askpass 1

That way, your SRPM would still have the relevant tarball if you want
it. Becasue, you see, that 'BuildPreReq' also cleared outer
prereqs.such as 'glibc-devel' and 'pam'. So you actually wound up
changing several things more than you needed.

And in fact, there is a 'build6x'  option you may want to set for your
operating system.

>
> Regards,
> Chandra Kumara, SSA
> ShipXpress.
> 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250
> phone: +94 11 2826814/15 || website: http://www.shipxpress.com
>
> -----Original Message-----
> From: Nico Kadel-Garcia [mailto:nkadel at gmail.com]
> Sent: Saturday, November 15, 2014 6:45 AM
> To: Chandra Kumara
> Cc: openssh at openssh.com; openssh-unix-announce at mindrot.org; openssh-unix-dev at mindrot.org
> Subject: Re: openssh upgrading.
>
> On Fri, Nov 14, 2014 at 1:32 PM, Chandra Kumara <chandra.kumara at shipxpress.com> wrote:
>> Hi Openssh support,
>>
>>
>>
>> I have upgraded openssh from 5.3p1 to 6.2p2 in a RHEL 6.6 - 64 bit
>> server and now i can't login to server remotely using same root
>> password. It always prompting the password saying  "Permission denied, please try again."
>
> I just tried the 6.7p1 tarball with this procedure. Seems to work fine. The .spec file is missing the BuildRequires dependency of "/usr/bin/xmkmf" in the dependencies for the openssh-x11-aspass module, but othewise seems to work fine.
>
>
>> Please help me to resolve the issue.
>>
>>
>>
>> Following are the steps i have followd.
>>
>>
>>
>> ----------------------------------------------------------------
>>
>> [root at test ~]# ssh -V
>>
>> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>>
>>
>>
>> [root at test ~]# cat /etc/redhat-release
>>
>> Red Hat Enterprise Linux Server release 6.6 (Santiago)
>>
>>
>>
>> [root at test ~]# rpm -qa |grep openssh
>>
>> openssh-server-5.3p1-104.el6.x86_64
>>
>> openssh-clients-5.3p1-104.el6.x86_64
>>
>> openssh-5.3p1-104.el6.x86_64
>>
>>
>>
>> yum install rpm-build
>>
>> yum install gcc glibc-devel pam-devel libX11-devel krb5-devel
>> zlib-devel
>>
>> yum install openssh-devel openssl-devel tcp_wrappers-devel libXt-devel
>> imake gtk2-devel
>>
>>
>>
>> wget
>> http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
>>
>> wget
>> http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.
>> gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
>>
>>
>>
>> tar zxvf openssh-6.2p2.tar.gz
>>
>> cp openssh-6.2p2/contrib/redhat/openssh.spec .
>>
>> rpmbuild -bb openssh.spec
>>
>>
>>
>> cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
>>
>> cp openssh-6.2p2.tar.gz /root/rpmbuild/SOURCES/
>>
>> cp openssh.spec /root/rpmbuild/SOURCES/
>>
>>
>>
>> rpmbuild -bb openssh.spec
>>
>>
>>
>> cd /root/rpmbuild/RPMS/x86_64/
>>
>> rpm -Uvh *
>>
>> /etc/init.d/sshd restart
>>
>>
>>
>> [root at test ~]# rpm -qa |grep openss
>>
>> openssl-devel-1.0.1e-30.el6_6.4.x86_64
>>
>> openssh-server-6.2p2-1.x86_64
>>
>> openssl-1.0.1e-30.el6_6.4.x86_64
>>
>> openssh-askpass-gnome-6.2p2-1.x86_64
>>
>> openssh-debuginfo-6.2p2-1.x86_64
>>
>> openssh-6.2p2-1.x86_64
>>
>> openssh-clients-6.2p2-1.x86_64
>>
>>
>>
>>
>>
>> [root at plutotest .ssh]# ssh -v root at 192.168.0.38
>>
>> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
>>
>> debug1: Reading configuration data /etc/ssh/ssh_config
>>
>> debug1: Applying options for *
>>
>> debug1: Connecting to 192.168.0.38 [192.168.0.38] port 22.
>>
>> debug1: Connection established.
>>
>> debug1: permanently_set_uid: 0/0
>>
>> debug1: identity file /root/.ssh/identity type -1
>>
>> debug1: identity file /root/.ssh/identity-cert type -1
>>
>> debug1: identity file /root/.ssh/id_rsa type -1
>>
>> debug1: identity file /root/.ssh/id_rsa-cert type -1
>>
>> debug1: identity file /root/.ssh/id_dsa type -1
>>
>> debug1: identity file /root/.ssh/id_dsa-cert type -1
>>
>> debug1: Remote protocol version 2.0, remote software version
>> OpenSSH_6.2
>>
>> debug1: match: OpenSSH_6.2 pat OpenSSH*
>>
>> debug1: Enabling compatibility mode for protocol 2.0
>>
>> debug1: Local version string SSH-2.0-OpenSSH_5.3
>>
>> debug1: SSH2_MSG_KEXINIT sent
>>
>> debug1: SSH2_MSG_KEXINIT received
>>
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>
>> debug1: Host '192.168.0.38' is known and matches the RSA host key.
>>
>> debug1: Found key in /root/.ssh/known_hosts:9
>>
>> debug1: ssh_rsa_verify: signature correct
>>
>> debug1: SSH2_MSG_NEWKEYS sent
>>
>> debug1: expecting SSH2_MSG_NEWKEYS
>>
>> debug1: SSH2_MSG_NEWKEYS received
>>
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password
>>
>> debug1: Next authentication method: gssapi-with-mic
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more
>> information
>>
>> Cannot determine realm for numeric host address
>>
>>
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more
>> information
>>
>> Cannot determine realm for numeric host address
>>
>>
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more
>> information
>>
>>
>>
>>
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more
>> information
>>
>> Cannot determine realm for numeric host address
>>
>>
>>
>> debug1: Next authentication method: publickey
>>
>> debug1: Trying private key: /root/.ssh/identity
>>
>> debug1: Trying private key: /root/.ssh/id_rsa
>>
>> debug1: Trying private key: /root/.ssh/id_dsa
>>
>> debug1: Next authentication method: password
>>
>> root at 192.168.0.38's password:
>>
>> debug1: Authentications that can continue:
>> publickey,gssapi-with-mic,password
>>
>> Permission denied, please try again.
>>
>> root at 192.168.0.38's password:
>>
>> ----------------------------------------------------------------
>>
>> Regards,
>>
>> Chandra Kumara, SSA
>>
>> ShipXpress.
>>
>> 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250
>>
>> phone: +94 11 2826814/15 || website:  <http://www.shipxpress.com/>
>> http://www.shipxpress.com
>>
>>
>>
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>


More information about the openssh-unix-dev mailing list