MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
October
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
2007
Months
Jan Feb Mar
Apr May Jun
Jul Aug Sep
OctNov Dec


Tue, Oct 16, 2007 7:51 pm

OpenSSH upgrade to 4.7.1

When I checked the version of the OpenSSH software on a Sun SPARC system running Solaris 7 for which I am the administrator, I found it was outdated. 

# ssh -V
OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003

Note: if you need to check the version of the SSH daemon software on a remote system, you can ssh to the system using the -v option to obtain verbose debugging messages, which will reveal the version number on the remote system in the "remote protocol version" line. Note: the version you see on the first line is the version of the ssh client you are using, not the version on the remote SSH server. 

# ssh -v jsmith@192.168.0.11
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to example.com [192.168.0.11] port 22.
debug1: Connection established.
debug1: identity file /home/jim/.ssh/identity type -1
debug1: identity file /home/jim/.ssh/id_rsa type -1
debug1: identity file /home/jim/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*

An updated package, 4.7.1, is available from Sunfreeware.com.

openssh-4.7p1

Installation of that version also requires the installation of the packages openssl-0.9.8e (do not use the older openssl packages), zlib, libgcc-3.3 or gcc-3.3.2, prngd and optionally, but highly recommended, the perl, egd and tcp_wrappers packages.

When I checked the OpenSSL version on the system, I found it also needed to be updated. 

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.7b 10 Apr 2003

The information for the OpenSSL 0.9.8e package stated that you "may also need to install either gcc-3.4.6 or libgcc-3.4.6 to obtain the libgcc_s.so.1 library.

I found that gcc was also outdated. 

# gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.4/specs
Configured with: ../gcc-3.0.4/configure
Thread model: posix
gcc version 3.0.4

The gcc package requires the installation of libiconv, but that was already on the system in /usr/local/lib. The gcc package is fairly large; since I already had an earlier version of gcc on the system, I decided to proceed with the installation of OpenSSL 0.9.8e instead of waiting over a 1/2 hour to download the latest version of the gcc package. 

# gunzip openssl-0.9.8e-sol7-sparc-local.gz
# pkgadd -d ./openssl-0.9.8e-sol7-sparc-local

The following packages are available:
  1  SMCossl     openssl
                 (sparc) 0.9.8e

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance <SMCossl> from 
</tmp/openssl-0.9.8e-sol7-sparc-local>

openssl
(sparc) 0.9.8e
The OpenSSL Group
Using  as the package base directory.
## Processing package information.
## Processing system information.
   711 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/ssl 
* /usr/local/ssl/bin 
* /usr/local/ssl/bin/c_rehash 
* /usr/local/ssl/bin/openssl
* /usr/local/ssl/certs 
* /usr/local/ssl/include 
* /usr/local/ssl/include/openssl 
* /usr/local/ssl/include/openssl/aes.h
* /usr/local/ssl/include/openssl/asn1.h
* /usr/local/ssl/include/openssl/asn1_mac.h
* /usr/local/ssl/include/openssl/asn1t.h
* /usr/local/ssl/include/openssl/bio.h
* /usr/local/ssl/include/openssl/blowfish.h 
* /usr/local/ssl/include/openssl/bn.h
* /usr/local/ssl/include/openssl/buffer.h
* /usr/local/ssl/include/openssl/cast.h
* /usr/local/ssl/include/openssl/comp.h
* /usr/local/ssl/include/openssl/conf.h
* /usr/local/ssl/include/openssl/conf_api.h 
[Hit  to continue display]

* /usr/local/ssl/include/openssl/crypto.h
* /usr/local/ssl/include/openssl/des.h
* /usr/local/ssl/include/openssl/des_old.h
* /usr/local/ssl/include/openssl/dh.h
* /usr/local/ssl/include/openssl/dsa.h
* /usr/local/ssl/include/openssl/dso.h
* /usr/local/ssl/include/openssl/e_os2.h
* /usr/local/ssl/include/openssl/ebcdic.h 
* /usr/local/ssl/include/openssl/ec.h
* /usr/local/ssl/include/openssl/engine.h
* /usr/local/ssl/include/openssl/err.h
* /usr/local/ssl/include/openssl/evp.h
* /usr/local/ssl/include/openssl/hmac.h
* /usr/local/ssl/include/openssl/idea.h
* /usr/local/ssl/include/openssl/krb5_asn.h
* /usr/local/ssl/include/openssl/kssl.h
* /usr/local/ssl/include/openssl/lhash.h
* /usr/local/ssl/include/openssl/md2.h
* /usr/local/ssl/include/openssl/md4.h
* /usr/local/ssl/include/openssl/md5.h
[Hit  to continue display]
* /usr/local/ssl/include/openssl/obj_mac.h
* /usr/local/ssl/include/openssl/objects.h
* /usr/local/ssl/include/openssl/ocsp.h
* /usr/local/ssl/include/openssl/opensslconf.h
* /usr/local/ssl/include/openssl/opensslv.h
* /usr/local/ssl/include/openssl/ossl_typ.h
* /usr/local/ssl/include/openssl/pem.h
* /usr/local/ssl/include/openssl/pem2.h 
* /usr/local/ssl/include/openssl/pkcs12.h
* /usr/local/ssl/include/openssl/pkcs7.h
* /usr/local/ssl/include/openssl/rand.h
* /usr/local/ssl/include/openssl/rc2.h
* /usr/local/ssl/include/openssl/rc4.h
* /usr/local/ssl/include/openssl/ripemd.h
* /usr/local/ssl/include/openssl/rsa.h
* /usr/local/ssl/include/openssl/safestack.h
* /usr/local/ssl/include/openssl/sha.h
* /usr/local/ssl/include/openssl/ssl.h
* /usr/local/ssl/include/openssl/ssl2.h 
* /usr/local/ssl/include/openssl/ssl23.h 
[Hit  to continue display]

* /usr/local/ssl/include/openssl/ssl3.h
* /usr/local/ssl/include/openssl/stack.h
* /usr/local/ssl/include/openssl/symhacks.h
* /usr/local/ssl/include/openssl/tls1.h
* /usr/local/ssl/include/openssl/tmdiff.h
* /usr/local/ssl/include/openssl/txt_db.h
* /usr/local/ssl/include/openssl/ui.h
* /usr/local/ssl/include/openssl/ui_compat.h 
* /usr/local/ssl/include/openssl/x509.h
* /usr/local/ssl/include/openssl/x509_vfy.h
* /usr/local/ssl/include/openssl/x509v3.h
* /usr/local/ssl/lib 
* /usr/local/ssl/lib/libcrypto.a
* /usr/local/ssl/lib/libssl.a
* /usr/local/ssl/lib/pkgconfig 
* /usr/local/ssl/lib/pkgconfig/openssl.pc
* /usr/local/ssl/man 
* /usr/local/ssl/man/man1 
* /usr/local/ssl/man/man1/CA.pl.1
* /usr/local/ssl/man/man1/asn1parse.1
[Hit  to continue display]

* /usr/local/ssl/man/man1/ca.1
* /usr/local/ssl/man/man1/ciphers.1
* /usr/local/ssl/man/man1/crl.1
* /usr/local/ssl/man/man1/crl2pkcs7.1
* /usr/local/ssl/man/man1/dgst.1
* /usr/local/ssl/man/man1/dhparam.1
* /usr/local/ssl/man/man1/dsa.1
* /usr/local/ssl/man/man1/dsaparam.1
* /usr/local/ssl/man/man1/enc.1
* /usr/local/ssl/man/man1/gendsa.1
* /usr/local/ssl/man/man1/genrsa.1
* /usr/local/ssl/man/man1/nseq.1
* /usr/local/ssl/man/man1/ocsp.1
* /usr/local/ssl/man/man1/openssl.1
* /usr/local/ssl/man/man1/passwd.1
* /usr/local/ssl/man/man1/pkcs12.1
* /usr/local/ssl/man/man1/pkcs7.1
* /usr/local/ssl/man/man1/pkcs8.1
* /usr/local/ssl/man/man1/rand.1
* /usr/local/ssl/man/man1/req.1
[Hit  to continue display]

* /usr/local/ssl/man/man1/rsa.1
* /usr/local/ssl/man/man1/rsautl.1
* /usr/local/ssl/man/man1/s_client.1
* /usr/local/ssl/man/man1/s_server.1
* /usr/local/ssl/man/man1/sess_id.1
* /usr/local/ssl/man/man1/smime.1
* /usr/local/ssl/man/man1/speed.1
* /usr/local/ssl/man/man1/spkac.1
* /usr/local/ssl/man/man1/verify.1
* /usr/local/ssl/man/man1/version.1
* /usr/local/ssl/man/man1/x509.1
* /usr/local/ssl/man/man3 
* /usr/local/ssl/man/man3/ASN1_OBJECT_new.3
* /usr/local/ssl/man/man3/ASN1_STRING_length.3
* /usr/local/ssl/man/man3/ASN1_STRING_new.3
* /usr/local/ssl/man/man3/ASN1_STRING_print_ex.3
* /usr/local/ssl/man/man3/BIO_ctrl.3
* /usr/local/ssl/man/man3/BIO_f_base64.3
* /usr/local/ssl/man/man3/BIO_f_buffer.3
* /usr/local/ssl/man/man3/BIO_f_cipher.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/BIO_f_md.3
* /usr/local/ssl/man/man3/BIO_f_null.3
* /usr/local/ssl/man/man3/BIO_f_ssl.3
* /usr/local/ssl/man/man3/BIO_find_type.3
* /usr/local/ssl/man/man3/BIO_new.3
* /usr/local/ssl/man/man3/BIO_push.3
* /usr/local/ssl/man/man3/BIO_read.3
* /usr/local/ssl/man/man3/BIO_s_accept.3
* /usr/local/ssl/man/man3/BIO_s_bio.3
* /usr/local/ssl/man/man3/BIO_s_connect.3
* /usr/local/ssl/man/man3/BIO_s_fd.3
* /usr/local/ssl/man/man3/BIO_s_file.3
* /usr/local/ssl/man/man3/BIO_s_mem.3
* /usr/local/ssl/man/man3/BIO_s_null.3
* /usr/local/ssl/man/man3/BIO_s_socket.3
* /usr/local/ssl/man/man3/BIO_set_callback.3
* /usr/local/ssl/man/man3/BIO_should_retry.3
* /usr/local/ssl/man/man3/BN_CTX_new.3
* /usr/local/ssl/man/man3/BN_CTX_start.3
* /usr/local/ssl/man/man3/BN_add.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/BN_add_word.3
* /usr/local/ssl/man/man3/BN_bn2bin.3
* /usr/local/ssl/man/man3/BN_cmp.3
* /usr/local/ssl/man/man3/BN_copy.3
* /usr/local/ssl/man/man3/BN_generate_prime.3
* /usr/local/ssl/man/man3/BN_mod_inverse.3
* /usr/local/ssl/man/man3/BN_mod_mul_montgomery.3
* /usr/local/ssl/man/man3/BN_mod_mul_reciprocal.3
* /usr/local/ssl/man/man3/BN_new.3
* /usr/local/ssl/man/man3/BN_num_bytes.3
* /usr/local/ssl/man/man3/BN_rand.3
* /usr/local/ssl/man/man3/BN_set_bit.3
* /usr/local/ssl/man/man3/BN_swap.3
* /usr/local/ssl/man/man3/BN_zero.3
* /usr/local/ssl/man/man3/CRYPTO_set_ex_data.3
* /usr/local/ssl/man/man3/DH_generate_key.3
* /usr/local/ssl/man/man3/DH_generate_parameters.3
* /usr/local/ssl/man/man3/DH_get_ex_new_index.3
* /usr/local/ssl/man/man3/DH_new.3
* /usr/local/ssl/man/man3/DH_set_method.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/DH_size.3
* /usr/local/ssl/man/man3/DSA_SIG_new.3
* /usr/local/ssl/man/man3/DSA_do_sign.3
* /usr/local/ssl/man/man3/DSA_dup_DH.3
* /usr/local/ssl/man/man3/DSA_generate_key.3
* /usr/local/ssl/man/man3/DSA_generate_parameters.3
* /usr/local/ssl/man/man3/DSA_get_ex_new_index.3
* /usr/local/ssl/man/man3/DSA_new.3
* /usr/local/ssl/man/man3/DSA_set_method.3
* /usr/local/ssl/man/man3/DSA_sign.3
* /usr/local/ssl/man/man3/DSA_size.3
* /usr/local/ssl/man/man3/ERR_GET_LIB.3
* /usr/local/ssl/man/man3/ERR_clear_error.3
* /usr/local/ssl/man/man3/ERR_error_string.3
* /usr/local/ssl/man/man3/ERR_get_error.3
* /usr/local/ssl/man/man3/ERR_load_crypto_strings.3
* /usr/local/ssl/man/man3/ERR_load_strings.3
* /usr/local/ssl/man/man3/ERR_print_errors.3
* /usr/local/ssl/man/man3/ERR_put_error.3
* /usr/local/ssl/man/man3/ERR_remove_state.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/EVP_BytesToKey.3
* /usr/local/ssl/man/man3/EVP_DigestInit.3
* /usr/local/ssl/man/man3/EVP_EncryptInit.3
* /usr/local/ssl/man/man3/EVP_OpenInit.3
* /usr/local/ssl/man/man3/EVP_PKEY_new.3
* /usr/local/ssl/man/man3/EVP_PKEY_set1_RSA.3
* /usr/local/ssl/man/man3/EVP_SealInit.3
* /usr/local/ssl/man/man3/EVP_SignInit.3
* /usr/local/ssl/man/man3/EVP_VerifyInit.3
* /usr/local/ssl/man/man3/OBJ_nid2obj.3
* /usr/local/ssl/man/man3/OPENSSL_VERSION_NUMBER.3
* /usr/local/ssl/man/man3/OpenSSL_add_all_algorithms.3
* /usr/local/ssl/man/man3/PKCS12_create.3
* /usr/local/ssl/man/man3/PKCS12_parse.3
* /usr/local/ssl/man/man3/PKCS7_decrypt.3
* /usr/local/ssl/man/man3/PKCS7_encrypt.3
* /usr/local/ssl/man/man3/PKCS7_sign.3
* /usr/local/ssl/man/man3/PKCS7_verify.3
* /usr/local/ssl/man/man3/RAND_add.3
* /usr/local/ssl/man/man3/RAND_bytes.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/RAND_cleanup.3
* /usr/local/ssl/man/man3/RAND_egd.3
* /usr/local/ssl/man/man3/RAND_load_file.3
* /usr/local/ssl/man/man3/RAND_set_rand_method.3
* /usr/local/ssl/man/man3/RSA_blinding_on.3
* /usr/local/ssl/man/man3/RSA_check_key.3
* /usr/local/ssl/man/man3/RSA_generate_key.3
* /usr/local/ssl/man/man3/RSA_get_ex_new_index.3
* /usr/local/ssl/man/man3/RSA_new.3
* /usr/local/ssl/man/man3/RSA_padding_add_PKCS1_type_1.3
* /usr/local/ssl/man/man3/RSA_print.3
* /usr/local/ssl/man/man3/RSA_private_encrypt.3
* /usr/local/ssl/man/man3/RSA_public_encrypt.3
* /usr/local/ssl/man/man3/RSA_set_method.3
* /usr/local/ssl/man/man3/RSA_sign.3
* /usr/local/ssl/man/man3/RSA_sign_ASN1_OCTET_STRING.3
* /usr/local/ssl/man/man3/RSA_size.3
* /usr/local/ssl/man/man3/SMIME_read_PKCS7.3
* /usr/local/ssl/man/man3/SMIME_write_PKCS7.3
* /usr/local/ssl/man/man3/SSL_CIPHER_get_name.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/SSL_COMP_add_compression_method.3
* /usr/local/ssl/man/man3/SSL_CTX_add_extra_chain_cert.3
* /usr/local/ssl/man/man3/SSL_CTX_add_session.3
* /usr/local/ssl/man/man3/SSL_CTX_ctrl.3
* /usr/local/ssl/man/man3/SSL_CTX_flush_sessions.3
* /usr/local/ssl/man/man3/SSL_CTX_free.3
* /usr/local/ssl/man/man3/SSL_CTX_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_CTX_get_verify_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_load_verify_locations.3
* /usr/local/ssl/man/man3/SSL_CTX_new.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_number.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_set_cache_size.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_set_get_cb.3
* /usr/local/ssl/man/man3/SSL_CTX_sessions.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cert_store.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cert_verify_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cipher_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_client_CA_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_client_cert_cb.3
* /usr/local/ssl/man/man3/SSL_CTX_set_default_passwd_cb.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/SSL_CTX_set_generate_session_id.3
* /usr/local/ssl/man/man3/SSL_CTX_set_info_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_max_cert_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_set_msg_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_options.3
* /usr/local/ssl/man/man3/SSL_CTX_set_quiet_shutdown.3
* /usr/local/ssl/man/man3/SSL_CTX_set_session_cache_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_set_session_id_context.3
* /usr/local/ssl/man/man3/SSL_CTX_set_ssl_version.3
* /usr/local/ssl/man/man3/SSL_CTX_set_timeout.3
* /usr/local/ssl/man/man3/SSL_CTX_set_tmp_dh_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_verify.3
* /usr/local/ssl/man/man3/SSL_CTX_use_certificate.3
* /usr/local/ssl/man/man3/SSL_SESSION_free.3
* /usr/local/ssl/man/man3/SSL_SESSION_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_SESSION_get_time.3
* /usr/local/ssl/man/man3/SSL_accept.3
* /usr/local/ssl/man/man3/SSL_alert_type_string.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/SSL_clear.3
* /usr/local/ssl/man/man3/SSL_connect.3
* /usr/local/ssl/man/man3/SSL_do_handshake.3
* /usr/local/ssl/man/man3/SSL_free.3
* /usr/local/ssl/man/man3/SSL_get_SSL_CTX.3
* /usr/local/ssl/man/man3/SSL_get_ciphers.3
* /usr/local/ssl/man/man3/SSL_get_client_CA_list.3
* /usr/local/ssl/man/man3/SSL_get_current_cipher.3
* /usr/local/ssl/man/man3/SSL_get_default_timeout.3
* /usr/local/ssl/man/man3/SSL_get_error.3
* /usr/local/ssl/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3
* /usr/local/ssl/man/man3/SSL_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_get_fd.3
* /usr/local/ssl/man/man3/SSL_get_peer_cert_chain.3
* /usr/local/ssl/man/man3/SSL_get_peer_certificate.3
* /usr/local/ssl/man/man3/SSL_get_rbio.3
* /usr/local/ssl/man/man3/SSL_get_session.3
* /usr/local/ssl/man/man3/SSL_get_verify_result.3
* /usr/local/ssl/man/man3/SSL_get_version.3
* /usr/local/ssl/man/man3/SSL_library_init.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/SSL_load_client_CA_file.3
* /usr/local/ssl/man/man3/SSL_new.3
* /usr/local/ssl/man/man3/SSL_pending.3
* /usr/local/ssl/man/man3/SSL_read.3
* /usr/local/ssl/man/man3/SSL_rstate_string.3
* /usr/local/ssl/man/man3/SSL_session_reused.3
* /usr/local/ssl/man/man3/SSL_set_bio.3
* /usr/local/ssl/man/man3/SSL_set_connect_state.3
* /usr/local/ssl/man/man3/SSL_set_fd.3
* /usr/local/ssl/man/man3/SSL_set_session.3
* /usr/local/ssl/man/man3/SSL_set_shutdown.3
* /usr/local/ssl/man/man3/SSL_set_verify_result.3
* /usr/local/ssl/man/man3/SSL_shutdown.3
* /usr/local/ssl/man/man3/SSL_state_string.3
* /usr/local/ssl/man/man3/SSL_want.3
* /usr/local/ssl/man/man3/SSL_write.3
* /usr/local/ssl/man/man3/X509_NAME_ENTRY_get_object.3
* /usr/local/ssl/man/man3/X509_NAME_add_entry_by_txt.3
* /usr/local/ssl/man/man3/X509_NAME_get_index_by_NID.3
* /usr/local/ssl/man/man3/X509_NAME_print_ex.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/X509_new.3
* /usr/local/ssl/man/man3/bio.3
* /usr/local/ssl/man/man3/blowfish.3
* /usr/local/ssl/man/man3/bn.3
* /usr/local/ssl/man/man3/bn_internal.3
* /usr/local/ssl/man/man3/buffer.3
* /usr/local/ssl/man/man3/crypto.3
* /usr/local/ssl/man/man3/d2i_ASN1_OBJECT.3
* /usr/local/ssl/man/man3/d2i_DHparams.3
* /usr/local/ssl/man/man3/d2i_DSAPublicKey.3
* /usr/local/ssl/man/man3/d2i_PKCS8PrivateKey.3
* /usr/local/ssl/man/man3/d2i_RSAPublicKey.3
* /usr/local/ssl/man/man3/d2i_SSL_SESSION.3
* /usr/local/ssl/man/man3/d2i_X509.3
* /usr/local/ssl/man/man3/d2i_X509_ALGOR.3
* /usr/local/ssl/man/man3/d2i_X509_CRL.3
* /usr/local/ssl/man/man3/d2i_X509_NAME.3
* /usr/local/ssl/man/man3/d2i_X509_REQ.3
* /usr/local/ssl/man/man3/d2i_X509_SIG.3
* /usr/local/ssl/man/man3/des.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/dh.3
* /usr/local/ssl/man/man3/dsa.3
* /usr/local/ssl/man/man3/engine.3
* /usr/local/ssl/man/man3/err.3
* /usr/local/ssl/man/man3/evp.3
* /usr/local/ssl/man/man3/hmac.3
* /usr/local/ssl/man/man3/lh_stats.3
* /usr/local/ssl/man/man3/lhash.3
* /usr/local/ssl/man/man3/md5.3
* /usr/local/ssl/man/man3/mdc2.3
* /usr/local/ssl/man/man3/pem.3
* /usr/local/ssl/man/man3/rand.3
* /usr/local/ssl/man/man3/rc4.3
* /usr/local/ssl/man/man3/ripemd.3
* /usr/local/ssl/man/man3/rsa.3
* /usr/local/ssl/man/man3/sha.3
* /usr/local/ssl/man/man3/ssl.3
* /usr/local/ssl/man/man3/threads.3
* /usr/local/ssl/man/man3/ui.3
* /usr/local/ssl/man/man3/ui_compat.3
[Hit  to continue display]

* /usr/local/ssl/man/man5 
* /usr/local/ssl/man/man5/config.5
* /usr/local/ssl/man/man7 
* /usr/local/ssl/man/man7/des_modes.7
* /usr/local/ssl/misc 
* /usr/local/ssl/misc/CA.pl
* /usr/local/ssl/misc/CA.sh
* /usr/local/ssl/misc/c_hash 
* /usr/local/ssl/misc/c_info 
* /usr/local/ssl/misc/c_issuer
* /usr/local/ssl/misc/c_name 
* /usr/local/ssl/openssl.cnf
* /usr/local/ssl/private 

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
...
/usr/local/ssl/misc/c_hash 
/usr/local/ssl/misc/c_info 
/usr/local/ssl/misc/c_issuer
/usr/local/ssl/misc/c_name 
/usr/local/ssl/openssl.cnf
[ verifying class  ]

Installation of <SMCossl> was successful.
#

I chose to replace the outdated versions of files when prompted as to whether I wanted to "install these conflicting files". I checked the version of OpenSSL afterwards and saw the new version listed. 

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8e 23 Feb 2007

I then installed OpenSSH 4.7.1 

# gunzip openssh-4.7p1-sol7-sparc-local.gz
# pkgadd -d openssh-4.7p1-sol7-sparc-local

The following packages are available:
  1  SMCosh471     openssh
                   (sparc) 4.7p1

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1


Processing package instance <SMCosh471> from </tmp/openssh-4.7p1-sol7-sparc-local>

openssh
(sparc) 4.7p1
The OpenSSH Group
Using  as the package base directory.
## Processing package information.
## Processing system information.
   9 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/bin/scp
* /usr/local/bin/sftp
* /usr/local/bin/ssh
* /usr/local/bin/ssh-add
* /usr/local/bin/ssh-agent
* /usr/local/bin/ssh-keygen
* /usr/local/bin/ssh-keyscan
* /usr/local/etc/moduli
* /usr/local/etc/ssh_config
* /usr/local/etc/sshd_config
* /usr/local/libexec 
* /usr/local/libexec/sftp-server
* /usr/local/libexec/ssh-keysign
* /usr/local/libexec/ssh-rand-helper
* /usr/local/man/man1/scp.1
* /usr/local/man/man1/sftp.1
* /usr/local/man/man1/ssh-add.1
* /usr/local/man/man1/ssh-agent.1
* /usr/local/man/man1/ssh-keygen.1
[Hit  to continue display]

* /usr/local/man/man1/ssh-keyscan.1
* /usr/local/man/man1/ssh.1
* /usr/local/man/man5/ssh_config.5
* /usr/local/man/man5/sshd_config.5
* /usr/local/man/man8 
* /usr/local/man/man8/sftp-server.8
* /usr/local/man/man8/ssh-keysign.8
* /usr/local/man/man8/ssh-rand-helper.8
* /usr/local/man/man8/sshd.8
* /usr/local/sbin 
* /usr/local/sbin/sshd
* /usr/local/share/Ssh.bin 

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing openssh as 

## Installing part 1 of 1.
/usr/local/bin/scp
/usr/local/bin/sftp
/usr/local/bin/ssh
/usr/local/bin/ssh-add
/usr/local/bin/ssh-agent
/usr/local/bin/ssh-keygen
/usr/local/bin/ssh-keyscan
/usr/local/doc/openssh/CREDITS
/usr/local/doc/openssh/ChangeLog
/usr/local/doc/openssh/INSTALL
/usr/local/doc/openssh/LICENCE
/usr/local/doc/openssh/OVERVIEW
/usr/local/doc/openssh/README
/usr/local/doc/openssh/README.dns
/usr/local/doc/openssh/README.platform
/usr/local/doc/openssh/README.privsep
/usr/local/doc/openssh/README.smartcard
/usr/local/doc/openssh/README.tun
/usr/local/doc/openssh/TODO
/usr/local/doc/openssh/WARNING.RNG
/usr/local/doc/openssh/contrib/Makefile
/usr/local/doc/openssh/contrib/README
/usr/local/doc/openssh/contrib/aix/README
/usr/local/doc/openssh/contrib/aix/buildbff.sh
/usr/local/doc/openssh/contrib/aix/inventory.sh
/usr/local/doc/openssh/contrib/aix/pam.conf
/usr/local/doc/openssh/contrib/caldera/openssh.spec
/usr/local/doc/openssh/contrib/caldera/ssh-host-keygen
/usr/local/doc/openssh/contrib/caldera/sshd.init
/usr/local/doc/openssh/contrib/caldera/sshd.pam
/usr/local/doc/openssh/contrib/cygwin/Makefile
/usr/local/doc/openssh/contrib/cygwin/README
/usr/local/doc/openssh/contrib/cygwin/ssh-host-config
/usr/local/doc/openssh/contrib/cygwin/ssh-user-config
/usr/local/doc/openssh/contrib/findssl.sh
/usr/local/doc/openssh/contrib/gnome-ssh-askpass1.c
/usr/local/doc/openssh/contrib/gnome-ssh-askpass2.c
/usr/local/doc/openssh/contrib/hpux/README
/usr/local/doc/openssh/contrib/hpux/egd
/usr/local/doc/openssh/contrib/hpux/egd.rc
/usr/local/doc/openssh/contrib/hpux/sshd
/usr/local/doc/openssh/contrib/hpux/sshd.rc
/usr/local/doc/openssh/contrib/redhat/gnome-ssh-askpass.csh
/usr/local/doc/openssh/contrib/redhat/gnome-ssh-askpass.sh
/usr/local/doc/openssh/contrib/redhat/openssh.spec
/usr/local/doc/openssh/contrib/redhat/sshd.init
/usr/local/doc/openssh/contrib/redhat/sshd.init.old
/usr/local/doc/openssh/contrib/redhat/sshd.pam
/usr/local/doc/openssh/contrib/redhat/sshd.pam.old
/usr/local/doc/openssh/contrib/solaris/README
/usr/local/doc/openssh/contrib/ssh-copy-id
/usr/local/doc/openssh/contrib/ssh-copy-id.1
/usr/local/doc/openssh/contrib/sshd.pam.freebsd
/usr/local/doc/openssh/contrib/sshd.pam.generic
/usr/local/doc/openssh/contrib/suse/openssh.spec
/usr/local/doc/openssh/contrib/suse/rc.config.sshd
/usr/local/doc/openssh/contrib/suse/rc.sshd
/usr/local/doc/openssh/contrib/suse/sysconfig.ssh
/usr/local/etc/moduli
/usr/local/etc/ssh_config
/usr/local/etc/sshd_config
/usr/local/libexec/sftp-server
/usr/local/libexec/ssh-keysign
/usr/local/libexec/ssh-rand-helper
/usr/local/man/man1/scp.1
/usr/local/man/man1/sftp.1
/usr/local/man/man1/ssh-add.1
/usr/local/man/man1/ssh-agent.1
/usr/local/man/man1/ssh-keygen.1
/usr/local/man/man1/ssh-keyscan.1
/usr/local/man/man1/ssh.1
/usr/local/man/man5/ssh_config.5
/usr/local/man/man5/sshd_config.5
/usr/local/man/man8/sftp-server.8
/usr/local/man/man8/ssh-keysign.8
/usr/local/man/man8/ssh-rand-helper.8
/usr/local/man/man8/sshd.8
/usr/local/sbin/sshd
/usr/local/share/Ssh.bin 
[ verifying class  ]

Installation of <SMCosh471> was successful.

When I tried to run ssh afterwards, though, I got an error message. 

# ssh -v
ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
Killed

According to information I found at Re: OpenSSH 3.7.1p1, that occurs when OpenSSH has been compiled with a shared libz and the ssh binary can't find libz on the target system. The suggested solution was to put libz on the target system or rebuild the source code with a static library. At Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment, I found libz.so.1 associated with the SUNWzlib package, which has a description of "The Zip compression library".

At Very nice OpenSSH 4.3p2 packages for 8,9,10, I found a reference to someone building packages for Solaris 8, 9, and 10 which are built against the static version of zlib (1.2.3), so SUNWzlib is no longer required. Those packages are available from http://firewallworks.com/downloads/unsupported/Solaris-sparc/

I decided to download zlib-1.2.3 from the Sunfreeware site instead. The package contains zlib compression libraries - installs in /usr/local. This package has both libz.a and libz.so libraries. The package requires that libgcc_s.so.1 be in /usr/local/lib. This can be done by installing libgcc-3.3 or gcc or higher. This package contains the patch for the security vulnerability described, for example, in USN-148-1 zlib vulnerability.

I installed that package. 

# pkgadd -d ./zlib-1.2.3-sol7-sparc-local

The following packages are available:
  1  SMCzlib     zlib
                 (sparc) 1.2.3

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1

Processing package instance <SMCzlib> from </tmp/zlib-1.2.3-sol7-sparc-local>

zlib
(sparc) 1.2.3
Jean-loup Gailly
Using  as the package base directory.
## Processing package information.
## Processing system information.
   6 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/include/zconf.h
* /usr/local/include/zlib.h
* /usr/local/lib/libz.a

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing zlib as 

## Installing part 1 of 1.
/usr/local/bin/minigzip
/usr/local/doc/zlib/ChangeLog
/usr/local/doc/zlib/FAQ
/usr/local/doc/zlib/INDEX
/usr/local/doc/zlib/README
/usr/local/doc/zlib/algorithm.txt
/usr/local/doc/zlib/contrib/README.contrib
/usr/local/doc/zlib/contrib/ada/buffer_demo.adb
/usr/local/doc/zlib/contrib/ada/mtest.adb
/usr/local/doc/zlib/contrib/ada/read.adb
/usr/local/doc/zlib/contrib/ada/readme.txt
/usr/local/doc/zlib/contrib/ada/test.adb
/usr/local/doc/zlib/contrib/ada/zlib-streams.adb
/usr/local/doc/zlib/contrib/ada/zlib-streams.ads
/usr/local/doc/zlib/contrib/ada/zlib-thin.adb
/usr/local/doc/zlib/contrib/ada/zlib-thin.ads
/usr/local/doc/zlib/contrib/ada/zlib.adb
/usr/local/doc/zlib/contrib/ada/zlib.ads
/usr/local/doc/zlib/contrib/ada/zlib.gpr
/usr/local/doc/zlib/contrib/asm586/README.586
/usr/local/doc/zlib/contrib/asm586/match.S
/usr/local/doc/zlib/contrib/asm686/README.686
/usr/local/doc/zlib/contrib/asm686/match.S
/usr/local/doc/zlib/contrib/blast/Makefile
/usr/local/doc/zlib/contrib/blast/README
/usr/local/doc/zlib/contrib/blast/blast.c
/usr/local/doc/zlib/contrib/blast/blast.h
/usr/local/doc/zlib/contrib/blast/test.pk
/usr/local/doc/zlib/contrib/blast/test.txt
/usr/local/doc/zlib/contrib/delphi/ZLib.pas
/usr/local/doc/zlib/contrib/delphi/ZLibConst.pas
/usr/local/doc/zlib/contrib/delphi/readme.txt
/usr/local/doc/zlib/contrib/delphi/zlibd32.mak
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.build
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.chm
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.sln
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/AssemblyInfo.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/ChecksumImpl.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/CircularBuffer.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/CodecBase.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/Deflater.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/DotZLib.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/GZipStream.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/Inflater.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/UnitTests.cs
/usr/local/doc/zlib/contrib/dotzlib/LICENSE_1_0.txt
/usr/local/doc/zlib/contrib/dotzlib/readme.txt
/usr/local/doc/zlib/contrib/infback9/README
/usr/local/doc/zlib/contrib/infback9/infback9.c
/usr/local/doc/zlib/contrib/infback9/infback9.h
/usr/local/doc/zlib/contrib/infback9/inffix9.h
/usr/local/doc/zlib/contrib/infback9/inflate9.h
/usr/local/doc/zlib/contrib/infback9/inftree9.c
/usr/local/doc/zlib/contrib/infback9/inftree9.h
/usr/local/doc/zlib/contrib/inflate86/inffas86.c
/usr/local/doc/zlib/contrib/inflate86/inffast.S
/usr/local/doc/zlib/contrib/iostream/test.cpp
/usr/local/doc/zlib/contrib/iostream/zfstream.cpp
/usr/local/doc/zlib/contrib/iostream/zfstream.h
/usr/local/doc/zlib/contrib/iostream2/zstream.h
/usr/local/doc/zlib/contrib/iostream2/zstream_test.cpp
/usr/local/doc/zlib/contrib/iostream3/README
/usr/local/doc/zlib/contrib/iostream3/TODO
/usr/local/doc/zlib/contrib/iostream3/test.cc
/usr/local/doc/zlib/contrib/iostream3/zfstream.cc
/usr/local/doc/zlib/contrib/iostream3/zfstream.h
/usr/local/doc/zlib/contrib/masm686/match.asm
/usr/local/doc/zlib/contrib/masmx64/bld_ml64.bat
/usr/local/doc/zlib/contrib/masmx64/gvmat64.asm
/usr/local/doc/zlib/contrib/masmx64/gvmat64.obj
/usr/local/doc/zlib/contrib/masmx64/inffas8664.c
/usr/local/doc/zlib/contrib/masmx64/inffasx64.asm
/usr/local/doc/zlib/contrib/masmx64/inffasx64.obj
/usr/local/doc/zlib/contrib/masmx64/readme.txt
/usr/local/doc/zlib/contrib/masmx86/bld_ml32.bat
/usr/local/doc/zlib/contrib/masmx86/gvmat32.asm
/usr/local/doc/zlib/contrib/masmx86/gvmat32.obj
/usr/local/doc/zlib/contrib/masmx86/gvmat32c.c
/usr/local/doc/zlib/contrib/masmx86/inffas32.asm
/usr/local/doc/zlib/contrib/masmx86/inffas32.obj
/usr/local/doc/zlib/contrib/masmx86/mkasm.bat
/usr/local/doc/zlib/contrib/masmx86/readme.txt
/usr/local/doc/zlib/contrib/minizip/ChangeLogUnzip
/usr/local/doc/zlib/contrib/minizip/Makefile
/usr/local/doc/zlib/contrib/minizip/crypt.h
/usr/local/doc/zlib/contrib/minizip/ioapi.c
/usr/local/doc/zlib/contrib/minizip/ioapi.h
/usr/local/doc/zlib/contrib/minizip/iowin32.c
/usr/local/doc/zlib/contrib/minizip/iowin32.h
/usr/local/doc/zlib/contrib/minizip/miniunz.c
/usr/local/doc/zlib/contrib/minizip/minizip.c
/usr/local/doc/zlib/contrib/minizip/mztools.c
/usr/local/doc/zlib/contrib/minizip/mztools.h
/usr/local/doc/zlib/contrib/minizip/unzip.c
/usr/local/doc/zlib/contrib/minizip/unzip.h
/usr/local/doc/zlib/contrib/minizip/zip.c
/usr/local/doc/zlib/contrib/minizip/zip.h
/usr/local/doc/zlib/contrib/pascal/example.pas
/usr/local/doc/zlib/contrib/pascal/readme.txt
/usr/local/doc/zlib/contrib/pascal/zlibd32.mak
/usr/local/doc/zlib/contrib/pascal/zlibpas.pas
/usr/local/doc/zlib/contrib/puff/Makefile
/usr/local/doc/zlib/contrib/puff/README
/usr/local/doc/zlib/contrib/puff/puff.c
/usr/local/doc/zlib/contrib/puff/puff.h
/usr/local/doc/zlib/contrib/puff/zeros.raw
/usr/local/doc/zlib/contrib/testzlib/testzlib.c
/usr/local/doc/zlib/contrib/testzlib/testzlib.txt
/usr/local/doc/zlib/contrib/untgz/Makefile
/usr/local/doc/zlib/contrib/untgz/Makefile.msc
/usr/local/doc/zlib/contrib/untgz/untgz.c
/usr/local/doc/zlib/contrib/vstudio/readme.txt
/usr/local/doc/zlib/contrib/vstudio/vc7/miniunz.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/minizip.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/testzlib.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/zlib.rc
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibstat.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.def
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.sln
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/miniunz.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/minizip.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/testzlib.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/testzlibdll.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/zlib.rc
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibstat.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.def
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.sln
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.vcproj
/usr/local/doc/zlib/example.c
/usr/local/include/zconf.h
/usr/local/include/zlib.h
/usr/local/lib/libz.a
/usr/local/lib/libz.so 
/usr/local/lib/libz.so.1 
/usr/local/lib/libz.so.1.2.3
/usr/local/man/man3/zlib.3
[ verifying class  ]

Installation of <SMCzlib> was successful.

I was then able to run ssh and could see that the new version was in use. 

# ssh -v
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007

Zlib was listed as a requirement for OpenSSH 4.7.1; I thought it was already present and hadn't bothered to check before installing that version of OpenSSH.

I then tried to restart the sshd daemon. I created a file /tmp.ssh_restart, which I made executable with chmod 700 ssh_restart, with the following commands: 

/etc/init.d/sshd stop
sleep 10
/etc/init.d/sshd start

I then set it to run in the background, hoping I wouldn't lose SSH access to the system, since I was trying to restart the SSH daemon from a remote location.

# /tmp/ssh_restart &
16314
# Stopping sshd
Starting sshd
Privilege separation user sshd does not exist

It did not restart. Though I remained connected, I could not establish new ssh connections.

# ssh -v 127.0.0.1
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host 127.0.0.1 port 22: Connection refused

I resolved the "privilege separation" problem by creating an sshd group and account on the system. 

# groupadd -g 74 sshd
UX: groupadd: WARNING: gid 74 is reserved.

# useradd -u 74 -g 74 -c "Privilege-separated SSH" -d /var/empty/sshd -s /bin/false sshd
UX: useradd: WARNING: uid 74 is reserved.

I then reran the /tmp/ssh_restart script.

# /tmp/ssh &
22647
#
# Starting sshd

When I then tried connecting to the system via SSH, I could see that the new 4.7.1 version was running.

# ssh -v 127.0.0.1
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/1
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.7

References:

  1. Re: OpenSSH 3.7.1p1
    By: Scott Burch
    Date: September 26, 2003
    MARC: Mailing list ARChives


  2. Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment
    By: Sun Microsystems
    Date: February 7, 2003
    informIT


  3. Installation - Very nice OpenSSH 4.3p2 packages for 8,9,10
    By DTF
    Date: November 11, 2004
    Sun Developer Network (SDN) Forums


  4. Privilege separation user sshd does not exist
    By: perh
    Date: March 16, 2004
    UNIXguide.net


  5. FC4-Starting sshd: Privilege separation user sshd does not exist FAILED
    By: kiranherekar
    Date: December 23, 2005
    LinuxQuestions.org

[/os/unix/solaris/network] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo