Folks, I've just updated a machine to the latest IBM supplied OpenSSL RPMS: openssl-0.9.6m-1 openssl-devel-0.9.6m-1 (this is a power4 running AIX 5.1) and Tried to upgrade to the latest OpenSSH (3.8p1 - both the release and a snapshot from about a week ago) I'm using: ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/opt/freeware and the compilation seems OK: OpenSSH has been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc/ssh Askpass program: /usr/libexec/ssh-askpass Manual pages: /usr/man/manX PID file: /etc/ssh Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin Manpage format: man PAM support: no KerberosV support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: ssh-rand-helper ssh-rand-helper collects from: Command hashing (timeout 200) Host: powerpc-ibm-aix5.1.0.0 Compiler: cc Compiler flags: -g Preprocessor flags: -I/opt/freeware/include Linker flags: -L/opt/freeware/lib -blibpath:/usr/lib:/lib Libraries: -lcrypto -lz (yes it does pick up the correct SSL version : checking OpenSSL header version... 9060df (OpenSSL 0.9.6m 17 Mar 2004) checking OpenSSL library version... 9060df (OpenSSL 0.9.6m 17 Mar 2004) checking whether OpenSSL's headers match the library... yes checking whether OpenSSL's PRNG is internally seeded... no But when I come to run the SSH client or daemon I get: ./ssh localhost exec(): 0509-036 Cannot load program ./ssh because of the following errors: 0509-150 Dependent module libcrypto.a(libcrypto.so.0) could not be loaded. 0509-022 Cannot load module libcrypto.a(libcrypto.so.0). 0509-026 System error: A file or directory in the path name does not exist. Now, is this a fubarred installation of OpenSSL (libcrypto.so.0 doesn't exist in the RPM) or do I need to add a flag to force the static version? ls -l /opt/freeware/lib/libcrypto* -rw-r--r-- 1 root system 4317970 Mar 18 17:11 /opt/freeware/lib/libcrypto-static.a -rwxr-xr-x 1 root system 3454530 Mar 18 17:11 /opt/freeware/lib/libcrypto.a Many thanks Andrew -- Andrew Elwell <A.D.Elwell at dl.ac.uk> Room C5, Daresbury Laboratory, Keckwick Lane, Daresbury, WARRINGTON, WA4 4AD Tel: +44 (0)1925 603966 Mob: +44 (0)7952 922263 <-- NEW NUMBER Pager: 08700 555500 [883616]
Elwell, AD (Andrew) wrote:> Folks, > > I've just updated a machine to the latest IBM supplied OpenSSL RPMS: > openssl-0.9.6m-1 > openssl-devel-0.9.6m-1 > > (this is a power4 running AIX 5.1) > and Tried to upgrade to the latest OpenSSH (3.8p1 - both the release and a > snapshot from about a week ago)> ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/opt/freewareTry: blibpath="/usr/lib:/lib:/opt/freeware/lib" ./configure [other options] -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
> Try: > blibpath="/usr/lib:/lib:/opt/freeware/lib" ./configure [other options]Ahem. Shoulda Guessed. GLOBUS had screwed up my environment and stripped /opt/freeware/lib from my LIBPATH. seems to be OK at the moment - well it got as far as make tests anyhow before it fell over (see output) possibly OT (I don't imagine many lawyers in openssh-unix-dev) - What are the legal implications of allowing the SSH banner to be supressed using "ssh -q $host" if you have a "authorised users only...." type banner on $host - based on UK law. Ta Muchly Andrew -- output from "make tests" -- (cd openbsd-compat && make) make[1]: Entering directory `/tnd/work/z002/z002/ade45/openssh-3.8p1/openbsd-compat' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/tnd/work/z002/z002/ade45/openssh-3.8p1/openbsd-compat' BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ ln -s ./regress/Makefile `pwd`/regress/Makefile ; \ TEST_SHELL="/opt/freeware/bin/bash"; \ TEST_SSH_SSH="${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="${BUILDDIR}/sshd"; \ TEST_SSH_SSHAGENT="${BUILDDIR}/ssh-agent"; \ TEST_SSH_SSHADD="${BUILDDIR}/ssh-add"; \ TEST_SSH_SSHKEYGEN="${BUILDDIR}/ssh-keygen"; \ TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan"; \ TEST_SSH_SFTP="${BUILDDIR}/sftp"; \ TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server"; \ cd ./regress || exit $?; \ make \ .OBJDIR="${BUILDDIR}/regress" \ .CURDIR="`pwd`" \ BUILDDIR="${BUILDDIR}" \ OBJ="${BUILDDIR}/regress/" \ PATH="${BUILDDIR}:${PATH}" \ TEST_SHELL="${TEST_SHELL}" \ TEST_SSH_SSH="${TEST_SSH_SSH}" \ TEST_SSH_SSHD="${TEST_SSH_SSHD}" \ TEST_SSH_SSHAGENT="${TEST_SSH_SSHAGENT}" \ TEST_SSH_SSHADD="${TEST_SSH_SSHADD}" \ TEST_SSH_SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" \ TEST_SSH_SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" \ TEST_SSH_SFTP="${TEST_SSH_SFTP}" \ TEST_SSH_SFTPSERVER="${TEST_SSH_SFTPSERVER}" \ EXEEXT="" \ tests make[1]: Entering directory `/tnd/work/z002/z002/ade45/openssh-3.8p1/regress' ssh-keygen -if /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_ssh2.prv | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.prv cat /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.prv> /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t2.outchmod 600 /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t2.out ssh-keygen -yf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t2.out | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.pub ssh-keygen -ef /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.pub>/tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//rsa_secsh.pubssh-keygen -if /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//rsa_secsh.pub | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.pub rm -f /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_secsh.pub ssh-keygen -lf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.pub |\ awk '{print $2}' | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/t4.ok ssh-keygen -Bf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/rsa_openssh.pub |\ awk '{print $2}' | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/t5.ok ssh-keygen -if /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/dsa_ssh2.prv > /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t6.out1 ssh-keygen -if /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress/dsa_ssh2.pub > /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t6.out2 chmod 600 /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t6.out1 ssh-keygen -yf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t6.out1 | diff - /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t6.out2 ssh-keygen -q -t rsa -N '' -f /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t7.out ssh-keygen -lf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t7.out > /dev/null ssh-keygen -Bf /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/regress//t7.out > /dev/null run test connect.sh ... ok simple connect run test proxy-connect.sh ... ok proxy connect run test connect-privsep.sh ... ok proxy connect with privsep run test proto-version.sh ... ok sshd version with different protocol combinations run test proto-mismatch.sh ... ok protocol version mismatch run test exit-status.sh ... test remote exit status: proto 1 status 0 test remote exit status: proto 1 status 1 test remote exit status: proto 1 status 4 test remote exit status: proto 1 status 5 test remote exit status: proto 1 status 44 test remote exit status: proto 2 status 0 test remote exit status: proto 2 status 1 test remote exit status: proto 2 status 4 test remote exit status: proto 2 status 5 test remote exit status: proto 2 status 44 ok remote exit status run test transfer.sh ... transfer data: proto 1 transfer data: proto 2 ok transfer data run test banner.sh ... test banner: missing banner file test banner: size 0 test banner: size 10 test banner: size 100 test banner: size 1000 test banner: size 10000 test banner: size 100000 test banner: suppress banner (-q) ok banner run test rekey.sh ... ok rekey during transfer data run test stderr-data.sh ... test stderr data transfer: proto 1 () test stderr data transfer: proto 2 () test stderr data transfer: proto 1 (-n) test stderr data transfer: proto 2 (-n) ok stderr data transfer run test stderr-after-eof.sh ... ok stderr data after eof run test broken-pipe.sh ... ok broken pipe test run test try-ciphers.sh ... test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5 test try ciphers: proto 2 cipher 3des-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher 3des-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher blowfish-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5 test try ciphers: proto 2 cipher cast128-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher cast128-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher arcfour mac hmac-sha1 test try ciphers: proto 2 cipher arcfour mac hmac-md5 test try ciphers: proto 2 cipher arcfour mac hmac-sha1-96 test try ciphers: proto 2 cipher arcfour mac hmac-md5-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes192-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes192-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5 test try ciphers: proto 2 cipher aes256-cbc mac hmac-sha1-96 test try ciphers: proto 2 cipher aes256-cbc mac hmac-md5-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-sha1-96 test try ciphers: proto 2 cipher rijndael-cbc at lysator.liu.se mac hmac-md5-96 test try ciphers: proto 2 cipher aes128-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes128-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes128-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes128-ctr mac hmac-md5-96 test try ciphers: proto 2 cipher aes192-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes192-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes192-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes192-ctr mac hmac-md5-96 test try ciphers: proto 2 cipher aes256-ctr mac hmac-sha1 test try ciphers: proto 2 cipher aes256-ctr mac hmac-md5 test try ciphers: proto 2 cipher aes256-ctr mac hmac-sha1-96 test try ciphers: proto 2 cipher aes256-ctr mac hmac-md5-96 test try ciphers: proto 1 cipher 3des test try ciphers: proto 1 cipher blowfish ok try ciphers run test yes-head.sh ... sh: There is no process to read data written to a pipe. sh: There is no process to read data written to a pipe. ok yes pipe head run test agent.sh ... ssh-add -l via agent fwd proto 1 failed (exit code 0) exec(): 0509-036 Cannot load program /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/ssh because of the following errors: 0509-150 Dependent module libcrypto.a(libcrypto.so.0) could not be loaded. 0509-022 Cannot load module libcrypto.a(libcrypto.so.0). 0509-026 System error: A file or directory in the path name does not exist. agent fwd proto 1 failed (exit code 0) ssh-add -l via agent fwd proto 2 failed (exit code 0) exec(): 0509-036 Cannot load program /tnd/home/z002/z002/ade45/compile/openssh-3.8p1/ssh because of the following errors: 0509-150 Dependent module libcrypto.a(libcrypto.so.0) could not be loaded. 0509-022 Cannot load module libcrypto.a(libcrypto.so.0). 0509-026 System error: A file or directory in the path name does not exist. agent fwd proto 2 failed (exit code 0) failed simple agent test make[1]: *** [t-exec] Error 1 make[1]: Leaving directory `/tnd/work/z002/z002/ade45/openssh-3.8p1/regress' make: *** [tests] Error 2