openssh upgrading.
Chandra Kumara
chandra.kumara at shipxpress.com
Mon Nov 17 02:47:06 EST 2014
Hi Nico,
I couldn't connect to the server remotely not only to root but also any secondary user.
My issue was with "openssh-debuginfo" rpm. I used "yum remove openssh" and reinstall rpm build 6.2p2 version again (openssh, openssh-clients and openssh-server) except "openssh-debuginfo"
Then upgraded to 6.6p1 also and working fine.
This time i didn't use http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz to do rpm build, instead used,
sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec
sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec
sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec
Regards,
Chandra Kumara, SSA
ShipXpress.
2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250
phone: +94 11 2826814/15 || website: http://www.shipxpress.com
-----Original Message-----
From: Nico Kadel-Garcia [mailto:nkadel at gmail.com]
Sent: Saturday, November 15, 2014 6:45 AM
To: Chandra Kumara
Cc: openssh at openssh.com; openssh-unix-announce at mindrot.org; openssh-unix-dev at mindrot.org
Subject: Re: openssh upgrading.
On Fri, Nov 14, 2014 at 1:32 PM, Chandra Kumara <chandra.kumara at shipxpress.com> wrote:
> Hi Openssh support,
>
>
>
> I have upgraded openssh from 5.3p1 to 6.2p2 in a RHEL 6.6 - 64 bit
> server and now i can't login to server remotely using same root
> password. It always prompting the password saying "Permission denied, please try again."
I just tried the 6.7p1 tarball with this procedure. Seems to work fine. The .spec file is missing the BuildRequires dependency of "/usr/bin/xmkmf" in the dependencies for the openssh-x11-aspass module, but othewise seems to work fine.
> Please help me to resolve the issue.
>
>
>
> Following are the steps i have followd.
>
>
>
> ----------------------------------------------------------------
>
> [root at test ~]# ssh -V
>
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
>
>
>
> [root at test ~]# cat /etc/redhat-release
>
> Red Hat Enterprise Linux Server release 6.6 (Santiago)
>
>
>
> [root at test ~]# rpm -qa |grep openssh
>
> openssh-server-5.3p1-104.el6.x86_64
>
> openssh-clients-5.3p1-104.el6.x86_64
>
> openssh-5.3p1-104.el6.x86_64
>
>
>
> yum install rpm-build
>
> yum install gcc glibc-devel pam-devel libX11-devel krb5-devel
> zlib-devel
>
> yum install openssh-devel openssl-devel tcp_wrappers-devel libXt-devel
> imake gtk2-devel
>
>
>
> wget
> http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
>
> wget
> http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.
> gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
>
>
>
> tar zxvf openssh-6.2p2.tar.gz
>
> cp openssh-6.2p2/contrib/redhat/openssh.spec .
>
> rpmbuild -bb openssh.spec
>
>
>
> cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
>
> cp openssh-6.2p2.tar.gz /root/rpmbuild/SOURCES/
>
> cp openssh.spec /root/rpmbuild/SOURCES/
>
>
>
> rpmbuild -bb openssh.spec
>
>
>
> cd /root/rpmbuild/RPMS/x86_64/
>
> rpm -Uvh *
>
> /etc/init.d/sshd restart
>
>
>
> [root at test ~]# rpm -qa |grep openss
>
> openssl-devel-1.0.1e-30.el6_6.4.x86_64
>
> openssh-server-6.2p2-1.x86_64
>
> openssl-1.0.1e-30.el6_6.4.x86_64
>
> openssh-askpass-gnome-6.2p2-1.x86_64
>
> openssh-debuginfo-6.2p2-1.x86_64
>
> openssh-6.2p2-1.x86_64
>
> openssh-clients-6.2p2-1.x86_64
>
>
>
>
>
> [root at plutotest .ssh]# ssh -v root at 192.168.0.38
>
> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
>
> debug1: Reading configuration data /etc/ssh/ssh_config
>
> debug1: Applying options for *
>
> debug1: Connecting to 192.168.0.38 [192.168.0.38] port 22.
>
> debug1: Connection established.
>
> debug1: permanently_set_uid: 0/0
>
> debug1: identity file /root/.ssh/identity type -1
>
> debug1: identity file /root/.ssh/identity-cert type -1
>
> debug1: identity file /root/.ssh/id_rsa type -1
>
> debug1: identity file /root/.ssh/id_rsa-cert type -1
>
> debug1: identity file /root/.ssh/id_dsa type -1
>
> debug1: identity file /root/.ssh/id_dsa-cert type -1
>
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.2
>
> debug1: match: OpenSSH_6.2 pat OpenSSH*
>
> debug1: Enabling compatibility mode for protocol 2.0
>
> debug1: Local version string SSH-2.0-OpenSSH_5.3
>
> debug1: SSH2_MSG_KEXINIT sent
>
> debug1: SSH2_MSG_KEXINIT received
>
> debug1: kex: server->client aes128-ctr hmac-md5 none
>
> debug1: kex: client->server aes128-ctr hmac-md5 none
>
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>
> debug1: Host '192.168.0.38' is known and matches the RSA host key.
>
> debug1: Found key in /root/.ssh/known_hosts:9
>
> debug1: ssh_rsa_verify: signature correct
>
> debug1: SSH2_MSG_NEWKEYS sent
>
> debug1: expecting SSH2_MSG_NEWKEYS
>
> debug1: SSH2_MSG_NEWKEYS received
>
> debug1: SSH2_MSG_SERVICE_REQUEST sent
>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
>
> debug1: Next authentication method: gssapi-with-mic
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
> Cannot determine realm for numeric host address
>
>
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
> Cannot determine realm for numeric host address
>
>
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
>
>
>
>
> debug1: Unspecified GSS failure. Minor code may provide more
> information
>
> Cannot determine realm for numeric host address
>
>
>
> debug1: Next authentication method: publickey
>
> debug1: Trying private key: /root/.ssh/identity
>
> debug1: Trying private key: /root/.ssh/id_rsa
>
> debug1: Trying private key: /root/.ssh/id_dsa
>
> debug1: Next authentication method: password
>
> root at 192.168.0.38's password:
>
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
>
> Permission denied, please try again.
>
> root at 192.168.0.38's password:
>
> ----------------------------------------------------------------
>
> Regards,
>
> Chandra Kumara, SSA
>
> ShipXpress.
>
> 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250
>
> phone: +94 11 2826814/15 || website: <http://www.shipxpress.com/>
> http://www.shipxpress.com
>
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list