3 Replies Latest reply: Aug 21, 2012 9:52 AM by 937383 RSS

    update ssh

    937383
      Hi guys,

      i would like to update ssh on my solaris 10 server and i am looking for some help how to do it.
      i would like to update it to the newest possible version.

      my current version is:
      -bash-3.00# ssh -V
      Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

      will you be able to give me some help here?
        • 1. Re: update ssh
          User171873
          What do you mean by "update" ssh? If you want to update to the latest version of the ssh client supplied with Solaris you should apply the ssh patch 148096-04 (SPARC) or 148097-04 (Intel). This requires a service contract with Oracle.

          If you want features not available in the Solaris-supplied ssh which exist in another client (such as OpenSSH) you'd have to download and install that client. For example, you can get Solaris binary packages for OpenSSH at sunfreeware.com or opencsw.org or you could get the source from openssh.org and build it yourself.

          It all depends upon what you wish to accomplish by updating ssh.
          • 2. Re: update ssh
            937383
            thank you.

            unfortunately we don't have a contract with oracle.

            i wanted to patch up ssh to close security vulnerability.

            i downloaded latest openssl and openssh but have some errors while i wanted to compile.

            SunOS 5.10 Generic_120011-14 sun4u sparc SUNW,Sun-Fire-V245

            -bash-3.00# ./config
            Operating system: sun4u-whatever-solaris2
            NOTICE! If you know that your GNU C supports 64-bit/V9 ABI
            and wish to build 64-bit library, then you have to
            invoke './Configure solaris64-sparcv9-gcc' manually.
            You have about 5 seconds to press Ctrl-C to abort.
            Configuring for solaris-sparcv9-gcc
            Configuring for solaris-sparcv9-gcc
            no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
            no-gmp [default] OPENSSL_NO_GMP (skip dir)
            no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
            no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
            no-md2 [default] OPENSSL_NO_MD2 (skip dir)
            no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
            no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
            no-sctp [default] OPENSSL_NO_SCTP (skip dir)
            no-shared [default]
            no-store [experimental] OPENSSL_NO_STORE (skip dir)
            no-zlib [default]
            no-zlib-dynamic [default]
            IsMK1MF=0
            CC =gcc
            CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM
            EX_LIBS =-lsocket -lnsl -ldl
            CPUID_OBJ =sparcv9cap.o sparccpuid.o
            BN_ASM =bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o
            DES_ENC =des_enc-sparc.o fcrypt_b.o
            AES_ENC =aes_core.o aes_cbc.o aes-sparcv9.o
            BF_ENC =bf_enc.o
            CAST_ENC =c_enc.o
            RC4_ENC =rc4_enc.o rc4_skey.o
            RC5_ENC =rc5_enc.o
            MD5_OBJ_ASM =
            SHA1_OBJ_ASM =sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o
            RMD160_OBJ_ASM=
            CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o
            MODES_OBJ =ghash-sparcv9.o
            ENGINES_OBJ =
            PROCESSOR =
            RANLIB =/usr/ccs/bin/ranlib
            ARFLAGS =
            PERL =/usr/bin/perl
            THIRTY_TWO_BIT mode
            DES_UNROLL used
            BN_LLONG mode
            RC4 uses uchar
            RC4_CHUNK is unsigned long
            BF_PTR used
            sh: /usr/ccs/bin: cannot execute

            ----
            -bash-3.00# make
            making all in crypto...
            /bin/sh: /usr/ccs/bin: cannot execute
            make: *** [build_crypto] Error 1


            ----
            -bash-3.00# more testlog
            OpenSSL self-test report:

            OpenSSL version: 1.0.1c
            Last change: Sanity check record length before skipping explicit IV ...
            Options: no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
            OS (uname): SunOS VENUS 5.10 Generic_120011-14 sun4u sparc SUNW,Sun-Fire-V245
            OS (config): sun4u-whatever-solaris2
            Target (default): solaris-sparcv9-gcc
            Target: solaris-sparcv9-gcc
            Compiler: Configured with: ../configure with-as=/usr/ccs/bin/as with-ld=/usr/ccs/bin/ld enable-shared enable-languages=c,c++,f77
            Thread model: posix
            gcc version 3.4.6

            Failure!
            -----------------------------------------------------------------------------
            make[1]: Entering directory `/install/openssl-1.0.1c'
            making all in crypto...
            /bin/sh: /usr/ccs/bin: cannot execute
            make[1]: *** [build_crypto] Error 1
            make[1]: Leaving directory `/install/openssl-1.0.1c'
            -----------------------------------------------------------------------------
            make[1]: Entering directory `/install/openssl-1.0.1c'
            testing...
            /bin/sh: /usr/ccs/bin: cannot execute
            make[1]: *** [tests] Error 1
            make[1]: Leaving directory `/install/openssl-1.0.1c'
            -----------------------------------------------------------------------------

            what does this line mean? sh: /usr/ccs/bin: cannot execute how can i fix it?
            • 3. Re: update ssh
              937383
              here is what i tried.

              i downloaded latest release of solaris and copied these packages to my solaris:


              SUNWsshcu
              SUNWsshdr
              SUNWsshdu
              SUNWsshr
              SUNWsshu

              i tried to install them but it failed.
              output for SUNWsshcu installation:

              Processing package instance <SUNWsshcu> from </install/ssh>

              SSH Common, (Usr)(i386) 11.10.0,REV=2005.01.21.16.34
              # ident "@(#)copyright 1.4 04/06/22 SMI"
              Portions of code copyright by the following authors:

              Copyright (c) 1992 Tatu Ylonen, Espoo, Finland
              Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
              Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
              Copyright (c) 1998 Free Software Foundation, Inc. *
              Copyright (c) 1999-2004 Markus Friedl. All rights reserved.
              Copyright (c) 1999-2004 Damien Miller. All rights reserved.
              Copyright (c) 2000 Andre Lucas. All rights reserved.
              Copyright (c) 2000 Corinna Vinschen <vinschen@cygnus.com>, Duisburg, Germany
              Copyright (c) 2000-2004 Niels Provos. All rights reserved.

              Copyright 2004 Sun Microsystems, Inc. All rights reserved.
              Use is subject to license terms.

              This appears to be an attempt to install the same architecture and
              version of a package which is already installed. This installation
              will attempt to overwrite this package.


              The installation of this package was previously terminated and
              installation was never successfully completed.

              Do you want to continue with the installation of <SUNWsshcu.2> [y,n,?] y
              ## Processing package information.
              ## Processing system information.
              4 package pathnames are already properly installed.
              ## Verifying package dependencies.
              ## Verifying disk space requirements.
              ## Checking for conflicts with packages already installed.

              The following files are already installed on the system and are being
              used by another package:
              /usr/bin/ssh-keygen
              /usr/bin/ssh-keyscan
              /usr/lib/ssh/ssh-keysign

              Do you want to install these conflicting files [y,n,?,q]y

              ## Checking for setuid/setgid programs.

              The following files are being installed with setuid and/or setgid
              permissions:
              * /usr/lib/ssh/ssh-keysign <setuid root>

              * - overwriting a file which is also setuid/setgid.

              Do you want to install these as setuid/setgid files [y,n,?,q] y

              This package contains scripts which will be executed with super-user
              permission during the process of installing this package.

              Do you want to continue with the installation of <SUNWsshcu.2> [y,n,?] y

              Installing SSH Common, (Usr) as <SUNWsshcu.2>

              ## Installing part 1 of 1.
              cpio: Can't read input:  end of file encountered prior to expected end of archive.

              1 errors
              Unarchiving of /install/ssh/SUNWsshcu/archive/none failed with error 1
              pkgadd: ERROR: class action script did not complete successfully

              Installation of <SUNWsshcu.2> failed.

              -----

              do you know how can i fix cpio cant read input error? is there anything else i have to do before installing these new packages?