Compile Openssh on old suse release

hi
I m trying to update OpenSSH on my fantastic old Opensuse11.3 to the latest release -> 6.7p1
But I am facing some problems and would like help if possible.


**checking OpenSSL header version... 1000200f (OpenSSL 1.0.2 22 Jan 2015)
checking OpenSSL library version... 1000000f (OpenSSL 1.0.0 29 Mar 2010)
**checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.

The problem is OpenSSL, because i upgraded first. and what i Would like to understand is how can i manage this to bypass this compile/build error .
I m not one expert on this and I would like some help from some one that understand better how openssl works and where is the directories with the libs so i can fix this … and carry on my upgrade …

Tank s

Saying anything else than “You should upgrade to a supported version” would be completely irresponsible since you are also being targeted by the GHOST vulnerability which is remotely exploitable even if you patch your SSH.

Why ?
Upgrade openssh and openssl is not enough ? where do i still have vunerabillity ?

Listen upgrade my Laptop OS is out of question for now …
I know that upgrade my OS is the best i could do … but now i have to follow a diffrent path…

Could you help me fixing this compile error that m facing ? without considering upgrade OS .

Tank s

is possible to upgrade glibc to ?

What part of openssh did you install?
you’re running the configure script wrong
I belive the ./configure is checking for existing headers in /usr/include and it sees the old one’s, it will use those during build and will fail
try running this

export CFLAGS="-fPIC"
./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl
make depend
make all
sudo -E make install

if that fails
execute

./configure --help

and see all the options

okay
I think I’ve realized why what you’re telling me.
The problem is Glibc, and if I update it run a serious risk of making my system unstable or even give his ass.

Anyway, I’d like to upgrade openssh.
It would be possible for your help to overcome this error?

having written the above I belive there is a big chance even if you compile and install the new openssl that you will brake your installation and end up with a dead box, the best thing to do is what Miuku said update your system to 13.1 (it’s evergreen) if you didn’t put your /home in the root you’ll keep your setting and files.

Tnk s for the tip…

Okay
So after watch the help i made out …

./configure --with-ssl-headers=/usr/local/ssl/include/ --with-ssl-lib=/usr/local/ssl/lib/
make
make install
everything run well

then i restart the sshd service

But I m still in OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010

why this happen ?

sorry i have one error on the message …

the correct is :

./configure --with-ssl-dir=/usr/local/ssl/ --with-ssl-engine
make
make install

the problem is that the i am still on the old release …
OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010

I finally figure it out .
Here is how i do it :

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl/ --with-ssl-engine
make
mv /etc/ssh /etc/ssh.old -> * I made this to save some config files and because i was getting on error because PAM that is not supported …*
make install
rcsshd restart

and now i have :

OpenSSH_6.7p1, OpenSSL 1.0.2 22 Jan 2015
usage: sshd -46DdeiqTt] -b bits] -C connection_spec] -c host_cert_file]
-E log_file] -f config_file] -g login_grace_time]
-h host_key_file] -k key_gen_time] -o option] -p port]
-u len]

“Miuku” Tanks for the advice about the GHOST, i will take that in serious consideration, but now is not possible to upgrade my laptop…
“I_A” Thanks for the tip, helped .:wink:

On 2015-02-04, mymind <mymind@no-mx.forums.opensuse.org> wrote:
> “Miuku” Tanks for the advice about the GHOST, i will take that in
> serious consideration, but now is not possible to upgrade my laptop…
> “I_A” Thanks for the tip, helped .:wink:

While you were able to upgrade your openssh version from source, it is not a viable solution in the long-term. Your
GNU applications, Linux kernel, and openSUSE package manager/repositories are well beyond EOL and I would be concerned
to connect it to the internet, even before worrying about openssh. It may perhaps be helpful if you could explain why
you cannot upgrade your laptop OS, in case anyone might be in a position to help you.

also note that you probably have 2 versions of openssl and while possible to install from a tarball it’s not a good idea to do it on an rpm system.
Back up all your data immediately

I cannot emphasize what a bad idea it is to run an outdated system especially now with the GHOST vulnerability as well as several critical flash vulnerabilities that are all remotely exploitable.

Not to mention all the other issues that a kernel as old as yours has.

On Wed, 04 Feb 2015 11:06:01 +0000, mymind wrote:

> hi I m trying to update OpenSSH my old Opensuse11.3 to the latest
> release → 6.7p1 But I am facing some problems and would like help if
> possible.
>
>
> Code:
> --------------------
>
> *checking OpenSSL header version… 1000200f (OpenSSL 1.0.2 22 Jan
> 2015) checking OpenSSL library version… 1000000f (OpenSSL 1.0.0 29
> Mar 2010) *checking whether OpenSSL’s headers match the library… no
> configure: error: Your OpenSSL headers do not match your library.
> Check config.log for details.
> If you are sure your installation is consistent, you can disable the
> check by running “./configure --without-openssl-header-check”.
> Also see contrib/findssl.sh for help identifying header/library
> mismatches.
>
> --------------------
>
>
> The problem is OpenSSL, because i upgraded first. and what i Would like
> to understand is how can i manage this to bypass this compile/build
> error .
> I m not one expert on this and I would like some help from some one that
> understand better how openssl works and help me fixing this … to carry
> on my upgrade …
>
> Tank s

You probably won’t be able to meet the dependencies easily - by the time
you meet them, you will have spent more time resolving those than you
would have just upgrading the system.

11.3 has not received security updates for a long time - and these aren’t
the only potential security issues that won’t have been fixed.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On Wed, 04 Feb 2015 12:16:01 +0000, mymind wrote:

> It would be possible for your help to overcome this error?

Yes, upgrade to 13.1 or 13.2. That’s how you overcome this error. :slight_smile:

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C