Last night I had to drive all the way to my server's console because something as simple as this had not occurred to me:

    make install && /sbin/ldconfig && /usr/local/sbin/sshd ; # inside a screen.....

Since I think this may interest several of you, I am taking the liberty of copying the complete Slashdot discussion. (Besides, it is not that long....)

-------BEGIN SLASHDOT CLIPPING-----------------------------------------------------

Upgrading SSL is nothing like upgrading SSH (Score:5, Interesting)
by tzanger ({tzanger-sd} {at} {mixdown.org}) on Tue July 30, 11:07 (#3978586)
(User #1575 Info | http://www.mixdown.org/)

I have 18 firewalls to update (I sell these and support them, it's a nice way to supplement my income). I'm not having much luck updating them though.

So far (on 5/7 firewalls), updating the ssl libraries caused ssh to kick out. This is very much unlike upgrading ssh, where the currently running sessions would stay active and you just kill off the 'parent' sshd process and restart sshd to upgrade.

Does anyone know why upgrading the shared lib is kicking out running sessions of ssh linked against it? Short of compiling sshd statically, is there any way around this? So far all the boxes are local but I have a few that are quite a distance and short of enabling telnet with a throwaway root account or statically compiling a temporary sshd, I'm screwed. :-)

Re:Upgrading SSL is nothing like upgrading SSH (Score:1)
by Dimensio (darkstar AT iglou DOT com) on Tue July 30, 12:44 (#3979359)
(User #311070 Info)

Odd, I just updated ssl remotely via an ssh connection (compiled against the previous libs). I then recompiled ssh without problem.

Re:Upgrading SSL is nothing like upgrading SSH (Score:1)
by knuffelbeer on Tue July 30, 13:35 (#3979773)
(User #235189 Info)

> So far (on 5/7 firewalls), updating the ssl libraries caused ssh to kick
> out. This is very much unlike upgrading ssh, where the currently running
> sessions would stay active and you just kill off the 'parent' sshd
> process and restart sshd to upgrade.

Library upgrades may break running programs depending on the underlying OS (I noticed this on Solaris). It all depends on whether the existing library gets overwritten or gets replaced (depends on cp or install used). This probably only happens if the library version number isn't changed.

A workaround would be to move the existing library aside before you do make install. (e.g. mv libssl.so.0.9.6 libssl.so.0.9.6-OLD)

Re:Upgrading SSL is nothing like upgrading SSH (Score:1)
by Ruprickt on Tue July 30, 15:17 (#3980643)
(User #514467 Info)

Try copying the shared SSL library to another location, then start a new sshd on a different port using LD_LIBRARY_PRELOAD. Connect to this 2nd sshd and upgrade libSSL. Then just restart the regular sshd and connect, kill the 2nd sshd, and remove the copy of libssl.

Re:Upgrading SSL is nothing like upgrading SSH (Score:1)
by vph (vph en iNOkSPAMi fi) on Tue July 30, 15:51 (#3980961)
(User #24726 Info | http://www.iki.fi/vph/)

Probably your sshd fails when install overwrites libcrypto.so. And the rest of the installation is aborted.

How about running the installation under screen, so that the installation proceeds even if the connection is terminated. Try (under screen) something like:

    make install && /sbin/ldconfig && /etc/init.d/sshd restart

And when you get kicked out, just reconnect and run screen -r...

Also, older ssh versions seem to check the openssl version and work only with the version they are compiled with. More recent versions do not seem to have this feature.

Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
by tzanger ({tzanger-sd} {at} {mixdown.org}) on Tue July 30, 13:12 (#3979615)
(User #1575 Info | http://www.mixdown.org/)

> The deal is that the version of SSH may not support the API OpenSSL
> provides in the latest patched version. You may have to wait for SSH to
> be updated to work with the newest one.

Interesting theory but why would a simple recompile of ssh work then? If the API changed I would have thought to see compiler errors.

-------END SLASHDOT CLIPPING----------------------------------------------------

--
Sandino Araico Sánchez

As long as crap software is considered acceptable and people who write crap - employable, the things will be bad and job market - overcrowded.
    -- Alexander Viro

_______________________________________________
Ayuda mailing list
Ayuda en linux org mx
To leave the list: http://mail.linux.org.mx/mailman/listinfo/ayuda/
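
Added example (not part of the original message or the Slashdot thread): the "overwritten or replaced" distinction raised in the discussion, shown with an open file descriptor standing in for a running sshd that holds the library. The file name libdemo.so.0 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Compare an in-place overwrite with a rename-based replacement of a file
# that another process still has open. libdemo.so.0 is a constructed
# stand-in for libssl/libcrypto; nothing here touches real libraries.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# In-place overwrite: the target keeps its inode, so its bytes change
# underneath every process that already has it open.
overwrite_in_place() { cat "$1" > "$2"; }

# Rename-based replacement: write a temp file in the same directory, then
# rename it over the target. The old inode survives until its last user exits.
replace_by_rename() {
    src=$1 dst=$2
    tmp=$(mktemp "$(dirname "$dst")/.upgrade.XXXXXX") || return 1
    cat "$src" > "$tmp" && chmod 755 "$tmp" && mv -f "$tmp" "$dst"
}

# demo METHOD: prints "<same-inode|new-inode> <what the old descriptor reads>"
demo() {
    method=$1
    dir=$(mktemp -d) || return 1
    printf 'old-library\n' > "$dir/libdemo.so.0"
    printf 'new-library\n' > "$dir/libdemo.so.0.new"
    before=$(inode_of "$dir/libdemo.so.0")
    exec 3< "$dir/libdemo.so.0"      # the "running sshd" holding the old file
    "$method" "$dir/libdemo.so.0.new" "$dir/libdemo.so.0"
    after=$(inode_of "$dir/libdemo.so.0")
    seen=$(cat <&3)                  # what the already-running holder now sees
    exec 3<&-
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then
        echo "same-inode $seen"
    else
        echo "new-inode $seen"
    fi
}

demo overwrite_in_place   # holder sees the new bytes under it
demo replace_by_rename    # holder keeps reading the old file
```

On a real host, comparing `ls -i` on the library before and after `make install` shows which of the two behaviours the install step has.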