hi
I m trying to update OpenSSH on my fantastic old Opensuse11.3 to the latest release -> 6.7p1
But I am facing some problems and would like help if possible.
**checking OpenSSL header version... 1000200f (OpenSSL 1.0.2 22 Jan 2015)
checking OpenSSL library version... 1000000f (OpenSSL 1.0.0 29 Mar 2010)
**checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
The problem is OpenSSL, because i upgraded first. and what i Would like to understand is how can i manage this to bypass this compile/build error .
I m not one expert on this and I would like some help from some one that understand better how openssl works and where is the directories with the libs so i can fix this … and carry on my upgrade …
Saying anything else than “You should upgrade to a supported version” would be completely irresponsible since you are also being targeted by the GHOST vulnerability which is remotely exploitable even if you patch your SSH.
What part of openssh did you install?
you’re running the configure script wrong
I belive the ./configure is checking for existing headers in /usr/include and it sees the old one’s, it will use those during build and will fail
try running this
export CFLAGS="-fPIC"
./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl
make depend
make all
sudo -E make install
okay
I think I’ve realized why what you’re telling me.
The problem is Glibc, and if I update it run a serious risk of making my system unstable or even give his ass.
Anyway, I’d like to upgrade openssh.
It would be possible for your help to overcome this error?
having written the above I belive there is a big chance even if you compile and install the new openssl that you will brake your installation and end up with a dead box, the best thing to do is what Miuku said update your system to 13.1 (it’s evergreen) if you didn’t put your /home in the root you’ll keep your setting and files.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl/ --with-ssl-engine
make
mv /etc/ssh /etc/ssh.old -> * I made this to save some config files and because i was getting on error because PAM that is not supported …*
make install
rcsshd restart
“Miuku” Tanks for the advice about the GHOST, i will take that in serious consideration, but now is not possible to upgrade my laptop…
“I_A” Thanks for the tip, helped .
On 2015-02-04, mymind <mymind@no-mx.forums.opensuse.org> wrote:
> “Miuku” Tanks for the advice about the GHOST, i will take that in
> serious consideration, but now is not possible to upgrade my laptop…
> “I_A” Thanks for the tip, helped .
While you were able to upgrade your openssh version from source, it is not a viable solution in the long-term. Your
GNU applications, Linux kernel, and openSUSE package manager/repositories are well beyond EOL and I would be concerned
to connect it to the internet, even before worrying about openssh. It may perhaps be helpful if you could explain why
you cannot upgrade your laptop OS, in case anyone might be in a position to help you.
also note that you probably have 2 versions of openssl and while possible to install from a tarball it’s not a good idea to do it on an rpm system.
Back up all your data immediately
I cannot emphasize what a bad idea it is to run an outdated system especially now with the GHOST vulnerability as well as several critical flash vulnerabilities that are all remotely exploitable.
Not to mention all the other issues that a kernel as old as yours has.
> hi I m trying to update OpenSSH my old Opensuse11.3 to the latest
> release → 6.7p1 But I am facing some problems and would like help if
> possible.
>
>
> Code:
> --------------------
>
> *checking OpenSSL header version… 1000200f (OpenSSL 1.0.2 22 Jan
> 2015) checking OpenSSL library version… 1000000f (OpenSSL 1.0.0 29
> Mar 2010) *checking whether OpenSSL’s headers match the library… no
> configure: error: Your OpenSSL headers do not match your library.
> Check config.log for details.
> If you are sure your installation is consistent, you can disable the
> check by running “./configure --without-openssl-header-check”.
> Also see contrib/findssl.sh for help identifying header/library
> mismatches.
>
> --------------------
>
>
> The problem is OpenSSL, because i upgraded first. and what i Would like
> to understand is how can i manage this to bypass this compile/build
> error .
> I m not one expert on this and I would like some help from some one that
> understand better how openssl works and help me fixing this … to carry
> on my upgrade …
>
> Tank s
You probably won’t be able to meet the dependencies easily - by the time
you meet them, you will have spent more time resolving those than you
would have just upgrading the system.
11.3 has not received security updates for a long time - and these aren’t
the only potential security issues that won’t have been fixed.