LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   need help upgrading openssh 3.7.1p1.*rpm (https://www.linuxquestions.org/questions/linux-security-4/need-help-upgrading-openssh-3-7-1p1-%2Arpm-103452/)

joesbox 10-13-2003 12:04 PM
need help upgrading openssh 3.7.1p1.*rpm
 
i am in dire need of upgrading my openssh. my lan shop has pinged my puter with having unsecure ssh and they want me to have 3.7.1p1. i went to the RH site and found 3.1p1-13.i386.rpm for RH7.1(the server i want to upgrade)
now if this will create the same patches as 3.7.1p1 then that is all fine and dandy but my lan shop only worries about numbers. if they don't get 3.7* then i will be locked out of the system until i get the upgrade that they want.

when i try and upgrade my RH9 server i get dependencies problems
Code:
#rpm -Uvhi openssh.new.rpm
openssh-server.old requires openssh.old.rpm
openssh-client.old requires  openssh.old.rpm
openssh-askpass.old requires openssh.old.rpm
openssh-askpass-gnome.old requires openssh.old.rpm
when i try and upgrad the new sshd or client or askpass's i get that they require openssh.new.rpm

what can i do???

chort 10-13-2003 12:31 PM
Download the source from openssh.org and compile? By the way, it should be OpenSSH 3.7.1p2 I think.

joesbox 10-13-2003 12:39 PM
when i did that it left the sshd alone. i checked the sshd version from another box by doing this

Code:
ssh -v <insert ip of interested box>
and i got this
Code:
# ssh -v 127.0.0.1
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to *.*.*.* [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat OpenSSH_2.5.0*,OpenSSH_2.5.1*,OpenSSH_2.5.2*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1047/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '*.*.*.* (*.*.*.*)' can't be established.
RSA key fingerprint is 8a:e6:07:8b:64:70:19:28:3b:fa:3c:25:f0:21:e1:ac.
Are you sure you want to continue connecting (yes/no)?
all * are to keep secure my ip but it is the RH7.1 box

unSpawn 10-13-2003 01:14 PM
"rpm -qa | grep -ie openssh" and upgrade all those rpm's.
Sshd is in openssh-server-3.7.1p2-1.i386.rpm.

joesbox 10-13-2003 01:29 PM
update******
i was able to upgrade the rh9 server. all i got to do is upgrade about a few hundred packages for the rh7.1 server that the new openssh depends on. thanks for everything guys/gals. thanks for the help.

oh yeah, what was the fix?? i was trying to
Code:
rpm -Uvh

'instead of '

rpm -Fvh
the rpms.

chort 10-13-2003 02:36 PM
If you really did make install for the openssh source, look to see where it put the binaries. Likely they're in /usr/local/bin rather than the normal location. All you had to do was change your Sys V init script to point to the new binary. On my systems where I built from source, I actually moved all the old binaries to a backup directory and symlinked the old location to the new binaries.

You will of course need to stop and start the service after installing the new binaries that you compiled.

Easyrider 03-16-2004 04:11 PM
I am having the same problems as the OP. I suppose I could download and compile the latest which is what I will probably do if I can't get the RPM approach to work. My servers are 15 miles away in colo so it's always risky fooling with ssh.

I am currently at openssh 3.1p1 on RH 7.3. I downloaded the 3.7p1 srpm and it seemed to rebuild ok. But when I tried to rpm -Fvh the rpm file, I got complaints about dependencies for a lot of 3.1p - 14 stuff.

I came out of a Solaris environment so I am pretty new with rpms. My guess is that I am overlooking something pretty basic.

TIA!

chort 03-16-2004 08:27 PM
Quote:
Originally posted by joesbox
update******
i was able to upgrade the rh9 server. all i got to do is upgrade about a few hundred packages for the rh7.1 server that the new openssh depends on. thanks for everything guys/gals. thanks for the help.

oh yeah, what was the fix?? i was trying to
Code:
rpm -Uvh

'instead of '

rpm -Fvh
the rpms.
You need to use -Uvh, see above.


All times are GMT -5. The time now is 01:32 PM.