When I checked the version of OpenSSL on a Sun SPARC system running Solaris 2.7, I found it was out-of-date.
# ssh -V OpenSSH_4.7p1, OpenSSL 0.9.8f 11 Oct 2007 # /usr/local/ssl/bin/openssl version OpenSSL 0.9.8f 11 Oct 2007
Version 0.9.8j is currently available, so I downloaded it from sunfreeware.com. The sunfreeware.com site provides the following information for OpenSSL 0.98j for the SPARC platform:
openssl-0.9.8j-sol7-sparc-local.gz openssl is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library - installs in /usr/local/ssl. Note to users with sun4m machines. The openssl package here was built on a sun4u system and will not work on your machines. The one built for Solaris 2.5 was built on a sun4m machine and has been tested and does work. If you do uname -a and you get sun4m in the result, install the Solaris 2.5 openssl package instead. The configure option used for making openssl was solaris-sparcv9-gcc shared. You may also need to install either gcc-3.4.6 or libgcc-3.4.6 to obtain the libgcc_s.so.1 library. openssl is often used to make machines more secure. Make sure you know what you are doing. Any security problems are your responsiblitiy. See our Disclaimer.
openssl-0.9.8j.tar.gz Source Code. [Details]
I unzipped the file I downloaded and installed the package.
# gunzip openssl-0.9.8j-sol7-sparc-local.gz # pkgadd -d ./openssl-0.9.8j-sol7-sparc-local The following packages are available: 1 SMCossl openssl (sparc) 0.9.8j Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1 Processing package instance <SMCossl> from </tmp/openssl-0.9.8j-sol7-sparc-local> openssl (sparc) 0.9.8j The OpenSSL Group Using </usr/local> as the package base directory. ## Processing package information. ## Processing system information. 771 package pathnames are already properly installed. ## Verifying disk space requirements. ## Checking for conflicts with packages already installed. ## Checking for setuid/setgid programs. Installing openssl as <SMCossl> ## Installing part 1 of 1. /usr/local/doc/openssl/CHANGES /usr/local/doc/openssl/CHANGES.SSLeay /usr/local/doc/openssl/FAQ /usr/local/doc/openssl/INSTALL /usr/local/doc/openssl/INSTALL.DJGPP /usr/local/doc/openssl/INSTALL.MacOS /usr/local/doc/openssl/INSTALL.NW /usr/local/doc/openssl/INSTALL.OS2 /usr/local/doc/openssl/INSTALL.VMS /usr/local/doc/openssl/INSTALL.W32 /usr/local/doc/openssl/INSTALL.W64 /usr/local/doc/openssl/INSTALL.WCE /usr/local/doc/openssl/NEWS /usr/local/doc/openssl/README <text snipped> /usr/local/ssl/man/man7/des_modes.7 /usr/local/ssl/misc/CA.pl /usr/local/ssl/misc/CA.sh /usr/local/ssl/misc/c_hash /usr/local/ssl/misc/c_info /usr/local/ssl/misc/c_issuer /usr/local/ssl/misc/c_name /usr/local/ssl/openssl.cnf [ verifying class <none> ] Installation of <SMCossl> was successful.
I then verified the new version was installed.
# /usr/local/ssl/bin/openssl version OpenSSL 0.9.8j 07 Jan 2009
When I then ran the
ssh command, I realized I needed
to upgrade ssh as well.
# ssh -V OpenSSL version mismatch. Built against 908070, you have 9080af
Sunfreeware.com listed the current OpenSSH version as 5.2p1.
openssh-5.2p1-sol7-sparc-local.gz Openssh is an open source version of the SSH secure shell system - installs in /usr/local. PAM support is included and requires its own configuration. Openssh also requires the installation of the packages openssl-0.9.8j (do not use the older openssl packages), zlib, gcc-3.4.6 or libgcc-3.4.6, prngd and optionally, but highly recommended, the perl, egd and tcp_wrappers packages. You MUST read the OpenSSH installation page for installation details and helpful web sites. For example, the /usr/local/etc/sshd_config file may need to be edited. openssh is often used to make machines more secure. Make sure you know what you are doing. Any security problems are your responsiblitiy. The main ssh web site is at the [Details] link below. It is also important that you read our Disclaimer.
openssh-5.2p1.tar.gz Source Code. [Details]
So I downloaded and installed the latest OpenSSH package from sunfreeware.com as well.
# wget -q ftp://ftp.sunfreeware.com/pub/freeware/sparc/7/openssh-5.2p1-sol7-sparc-local.gz # gunzip openssh-5.2p1-sol7-sparc-local.gz # pkgadd -d ./openssh-5.2p1-sol7-sparc-local The following packages are available: 1 SMCosh521 openssh (sparc) 5.2p1 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1 Processing package instance <SMCosh521> from </tmp/openssh-5.2p1-sol7-sparc-local> openssh (sparc) 5.2p1 The OpenSSH Group Using </usr/local> as the package base directory. ## Processing package information. ## Processing system information. 16 package pathnames are already properly installed. ## Verifying disk space requirements. ## Checking for conflicts with packages already installed. The following files are already installed on the system and are being used by another package: /usr/local/bin/scp /usr/local/bin/sftp /usr/local/bin/ssh /usr/local/bin/ssh-add /usr/local/bin/ssh-agent /usr/local/bin/ssh-keygen /usr/local/bin/ssh-keyscan /usr/local/doc/openssh/CREDITS /usr/local/doc/openssh/ChangeLog /usr/local/doc/openssh/INSTALL /usr/local/doc/openssh/LICENCE /usr/local/doc/openssh/OVERVIEW /usr/local/doc/openssh/README /usr/local/doc/openssh/README.dns /usr/local/doc/openssh/README.platform /usr/local/doc/openssh/README.privsep /usr/local/doc/openssh/README.smartcard /usr/local/doc/openssh/README.tun /usr/local/doc/openssh/TODO <text snipped> /usr/local/etc/ssh_config /usr/local/etc/sshd_config /usr/local/libexec/sftp-server /usr/local/libexec/ssh-keysign /usr/local/libexec/ssh-rand-helper /usr/local/sbin/sshd /usr/local/share/Ssh.bin Do you want to install these conflicting files [y,n,?,q] y ## Checking for setuid/setgid programs. Installing openssh as <SMCosh521> ## Installing part 1 of 1. /usr/local/bin/scp /usr/local/bin/sftp /usr/local/bin/ssh /usr/local/bin/ssh-add /usr/local/bin/ssh-agent /usr/local/bin/ssh-keygen /usr/local/bin/ssh-keyscan /usr/local/doc/openssh/CREDITS /usr/local/doc/openssh/ChangeLog /usr/local/doc/openssh/INSTALL /usr/local/doc/openssh/LICENCE /usr/local/doc/openssh/OVERVIEW /usr/local/doc/openssh/README <text snipped> /usr/local/share/man/man1/ssh.1 /usr/local/share/man/man5/ssh_config.5 /usr/local/share/man/man5/sshd_config.5 /usr/local/share/man/man8/sftp-server.8 /usr/local/share/man/man8/ssh-keysign.8 /usr/local/share/man/man8/ssh-rand-helper.8 /usr/local/share/man/man8/sshd.8 [ verifying class <none> ] Installation of <SMCosh521> was successful.
I then rechecked the version of ssh on the system. The version was now up-to-date.
# ssh -V OpenSSH_5.2p1, OpenSSL 0.9.8j 07 Jan 2009
The OpenSSH installation page stated "It has been noted that on some Solaris systems, scp and sftp may not work unless /usr/local/bin in in your PATH before /usr/bin. The older scp that comes with Solaris may conflict with the new openssl packages." So I tested sftp and scp to ensure they worked by transferring a file to another system.