posted by Justin Piszcz on Mon 7th Jun 2004 05:37 UTC

"Relink, Page 4/5"

Step 12 - Explore the directory structure

jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls bin/
scp*  sftp*  slogin@  ssh*  ssh-add*  ssh-agent*  ssh-keygen*  ssh-keyscan*
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls etc/
moduli            ssh_host_dsa_key.pub  ssh_host_rsa_key
ssh_config        ssh_host_key          ssh_host_rsa_key.pub
ssh_host_dsa_key  ssh_host_key.pub      sshd_config
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls libexec/
sftp-server*  ssh-keysign*
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls man/
man1/  man5/  man8/
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls sbin/
sshd*
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls share/
Ssh.bin
jpiszcz@jpt2:/app/openssh-3.8.1p1$
jpiszcz@jpt2:/app/openssh-3.8.1p1$ du -sh $PWD
1.4M    /app/openssh-3.8.1p1
jpiszcz@jpt2:/app/openssh-3.8.1p1$

Step 13 - Make sure ssh/sshd are using the new library

jpiszcz@jpt2:/app/openssh-3.8.1p1$ ldd `which ssh`
        libresolv.so.2 => /lib/libresolv.so.2 (0x4002c000)
*       libcrypto.so.0.9.7 => /vapp/lib/libcrypto.so.0.9.7 (0x4003e000)
        libutil.so.1 => /lib/libutil.so.1 (0x40132000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40135000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40143000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40158000)
        libc.so.6 => /lib/libc.so.6 (0x40185000)
        libdl.so.2 => /lib/libdl.so.2 (0x402b4000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ldd `which sshd`
        libresolv.so.2 => /lib/libresolv.so.2 (0x4002c000)
*       libcrypto.so.0.9.7 => /vapp/lib/libcrypto.so.0.9.7 (0x4003e000)
        libutil.so.1 => /lib/libutil.so.1 (0x40132000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40135000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40143000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40158000)
        libc.so.6 => /lib/libc.so.6 (0x40185000)
        libdl.so.2 => /lib/libdl.so.2 (0x402b4000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
jpiszcz@jpt2:/app/openssh-3.8.1p1$ ls -l /vapp/lib/libcrypto.so.0.9.7
lrwxrwxrwx  1 jpiszcz users 47 May 27 00:10 /vapp/lib/libcrypto.so.0.9.7 -> \
../../app/openssl-0.9.7d/lib/libcrypto.so.0.9.7*
jpiszcz@jpt2:/app/openssh-3.8.1p1$

jpiszcz@jpt2:~$ ssh -V
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
jpiszcz@jpt2:~$

You have successfully installed the latest versions of OpenSSH and OpenSSL (as of 05/27/2004)!

Step 14 - Setting up OpenSSH daemon

I've explained the installation of the client, so I may as well describe how to set up the daemon.

As you know, you can run the OpenSSH daemon standalone or from (x)inetd; in my examples I will show all three.

Example 1] Run as a daemon.
In a startup script, simply type:
/vapp/sbin/sshd &

Example 2] Run from inetd.
Add the following line to /etc/inetd.conf as root:
ssh         stream  tcp     nowait  root    /vapp/sbin/sshd sshd -i
As root type: killall -HUP inetd
root@jpt2:~# vi /etc/inetd.conf
root@jpt2:~# killall -HUP inetd
root@jpt2:~#
Kill the old version of the daemon that is running (preferably from a telnet session).
root@jpt2:~# killall -9 sshd
Connection to 192.168.0.101 closed by remote host.
Connection to 192.168.0.101 closed.
Please do not ask me why, but after you killall -9 sshd, you have to killall -HUP inetd once more.

If you do not do this, you will get:

$ ssh -v 192.168.0.101
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /home/war/.ssh/config
debug1: Reading configuration data /app/openssh-3.8.1p1/etc/ssh_config
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.
debug1: connect to address 192.168.0.101 port 22: Connection refused
ssh: connect to host 192.168.0.101 port 22: Connection refused

After running killall -HUP inetd once more (as mentioned above), it works:
war@p500:~$ ssh -l jpiszcz -v 192.168.0.101
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /home/war/.ssh/config
debug1: Reading configuration data /app/openssh-3.8.1p1/etc/ssh_config
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.
debug1: Connection established.
debug1: identity file /home/war/.ssh/identity type -1
debug1: identity file /home/war/.ssh/id_rsa type -1
debug1: identity file /home/war/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.0.101' is known and matches the RSA host key.
debug1: Found key in /home/war/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/war/.ssh/identity
debug1: Trying private key: /home/war/.ssh/id_rsa
debug1: Trying private key: /home/war/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
jpiszcz@192.168.0.101's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Linux 2.4.22.
jpiszcz@jpt2:~$

Step 15 - Making sure your sshd uses the latest OpenSSL

There are a few ways of accomplishing this.

1] Simplest: run it as a daemon (make sure to source bashrc/profile beforehand).

2] Edit your boot scripts to put /vapp first (or source your bashrc/profile) before running inetd. Your entire environment then includes /vapp, which will be searched and linked against before anything else.

3] Remove old versions of OpenSSL from your system.

I personally choose number 3 to be absolutely sure.

root@jpt2:/var/log/packages# removepkg openssl-*

Removing package /var/log/packages/openssl-0.9.7d-i486-1...
Removing files:
.. deleting files ..
Removing package /var/log/packages/openssl-solibs-0.9.7d-i486-1...
Removing files:
.. deleting files ..

Now when I try to log in:
$ ssh -l jpiszcz -v 192.168.0.101
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /home/war/.ssh/config
debug1: Reading configuration data /app/openssh-3.8.1p1/etc/ssh_config
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.
debug1: Connection established.
debug1: identity file /home/war/.ssh/identity type -1
debug1: identity file /home/war/.ssh/id_rsa type -1
debug1: identity file /home/war/.ssh/id_dsa type -1
debug1: ssh_exchange_identification: sshd: error while loading shared libraries: \
libcrypto.so.0.9.7: cannot open shared object file: No such file or directory

ssh_exchange_identification: Connection closed by remote host

Ah hah! It was using the older OpenSSL!

To fix this, run ldconfig (update shared library paths) and then log in.

jpiszcz@p500:~$ telnet 192.168.0.101
Trying 192.168.0.101...
Connected to 192.168.0.101.
Escape character is '^]'.

jpt2 login: jpiszcz
Password:
Linux 2.4.22.
Last login: Thu May 27 00:50:44 -0400 2004 on pts/0 from p500.
No mail.
jpiszcz@jpt2:~$ su -
Password:
root@jpt2:~# ldconfig
root@jpt2:~# logout
jpiszcz@jpt2:~$ logout
Connection closed by foreign host.
jpiszcz@p500:~$ ssh -l jpiszcz -v 192.168.0.101
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /home/jpiszcz/.ssh/config
debug1: Reading configuration data /app/openssh-3.8.1p1/etc/ssh_config
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.
debug1: Connection established.
debug1: identity file /home/jpiszcz/.ssh/identity type -1
debug1: identity file /home/jpiszcz/.ssh/id_rsa type -1
debug1: identity file /home/jpiszcz/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.0.101' is known and matches the RSA host key.
debug1: Found key in /home/jpiszcz/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jpiszcz/.ssh/identity
debug1: Trying private key: /home/jpiszcz/.ssh/id_rsa
debug1: Trying private key: /home/jpiszcz/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
jpiszcz@192.168.0.101's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Thu May 27 00:52:31 2004 from p500
Linux 2.4.22.
jpiszcz@jpt2:~$

Finally, we have installed the newest version of OpenSSH with the newest version of OpenSSL, and we are 100% certain it is using the newest version of OpenSSL, as no other versions exist on the system.
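
ldd reports what the dynamic linker would resolve in the environment of the shell that runs it, which is why Step 13 looked correct while the sshd started from inetd still loaded the older OpenSSL. As an added example (not part of the original article), the script below checks the library mappings of a running process in /proc/<pid>/maps format instead; the function names, the sample maps data and the /usr/lib location are constructed for illustration.

```shell
# Added example. Input is text in /proc/<pid>/maps format on stdin, e.g.
#   check_lib libcrypto /app/openssl-0.9.7d < /proc/<sshd pid>/maps

# mapped_libs NAME: print each distinct mapped file whose basename starts with NAME.
mapped_libs() {
    awk -v name="$1" 'NF >= 6 {
        n = split($6, part, "/")
        if (index(part[n], name) == 1 && !seen[$6]++) print $6
    }'
}

# check_lib NAME PREFIX: exit status 0 if every mapped copy of NAME lives under
# PREFIX, 1 if a copy from elsewhere (or a deleted file) is mapped, 2 if none is.
check_lib() {
    awk -v name="$1" -v prefix="$2/" 'NF >= 6 {
        n = split($6, part, "/")
        if (index(part[n], name) != 1) next
        found = 1
        if (index($6, prefix) != 1 || $7 == "(deleted)") bad = 1
    }
    END { exit (found ? (bad ? 1 : 0) : 2) }'
}

# Constructed sample: sshd that resolved libcrypto through the /vapp symlink.
sample_new() {
    cat <<'EOF'
08048000-0808a000 r-xp 00000000 03:01 12345  /app/openssh-3.8.1p1/sbin/sshd
4003e000-40130000 r-xp 00000000 03:01 23456  /app/openssl-0.9.7d/lib/libcrypto.so.0.9.7
40130000-40142000 rw-p 000f1000 03:01 23456  /app/openssl-0.9.7d/lib/libcrypto.so.0.9.7
40185000-402b0000 r-xp 00000000 03:01 34567  /lib/libc.so.6
bfffe000-c0000000 rwxp 00000000 00:00 0
EOF
}

# Constructed sample: sshd still holding a system copy removed from disk
# (the /usr/lib location is an assumption, not taken from the article).
sample_old() {
    cat <<'EOF'
08048000-0808a000 r-xp 00000000 03:01 12345  /app/openssh-3.8.1p1/sbin/sshd
4003e000-40130000 r-xp 00000000 03:01 45678  /usr/lib/libcrypto.so.0.9.7 (deleted)
40185000-402b0000 r-xp 00000000 03:01 34567  /lib/libc.so.6
EOF
}

for s in sample_new sample_old; do
    if $s | check_lib libcrypto /app/openssl-0.9.7d; then verdict=ok; else verdict=STALE; fi
    echo "$s: $($s | mapped_libs libcrypto) -> $verdict"
done
```

The maps file shows the symlink target rather than the /vapp path, so the prefix to check against is the real install directory under /app.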

Removing an application

We are now on step two of the following list.

  1. Install a library into /app. (DONE)
  2. Install a program that depends on the library installed in /app. (DONE)
  3. Remove a program.
  4. Upgrade a program.

This clearly demonstrates the power of relink.

Say a new version of OpenSSH came out and you want to remove the one you have installed.

jpiszcz@jpt2:~$ mv /app/openssh-3.8.1p1 .
jpiszcz@jpt2:~$ relink
  44 link(s) removed
jpiszcz@jpt2:~$

Voila! It is uninstalled.