Upgrading openssl - how?

rytek

Verified User
Joined
Aug 28, 2011
Messages
9
Hi.
First, sorry for my bad english :p

How I can upgrade openssl without problems?
I know, that I can broke openssh and I can't connect to server anymore...

So, How I can do this without any problems?

Can You explain me step-by-step how I can do this?

Thanks for all replies.

Cheers.
 
Oh, I'm using Debian:
Code:
server:/usr/local/directadmin/custombuild# cat /etc/debian_version
5.0.6
and:
Code:
server:/etc/httpd/conf/ssl.crt# openssl version
OpenSSL 0.9.8g 19 Oct 2007
 
Sorry for triple-post, but i have some information (maybe important).

I've trying upgrade via apt (I update apt repo's, and I simulate it), but in lenny repo is openssl 0.9.8g version. I have to install newer version, at least 0.9.8m.


Code:
apt-get install openssl -s
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  openssl
1 upgraded, 0 newly installed, 0 to remove and 42 not upgraded.
2 not fully installed or removed.
Inst openssl [0.9.8g-15+lenny8] (0.9.8g-15+lenny11 Debian:5.0.8/oldstable, Debian-Security:5.0/oldstable)
Conf mysql-server-5.0 (5.0.51a-24+lenny5 Debian:5.0.8/oldstable, Debian-Security:5.0/oldstable)
Conf mysql-server (5.0.51a-24+lenny5 Debian:5.0.8/oldstable, Debian-Security:5.0/oldstable)
Conf openssl (0.9.8g-15+lenny11 Debian:5.0.8/oldstable, Debian-Security:5.0/oldstable)
 
Thanks for You reply.

Ok, I'll use update.script.

But, what I can do, if this method failed, and I can't connect to ssh (I have sometimes serious problems with my net provider, and disconnect may happen)?
I'm afraid of this. Can I repair this without ssh?

Thanks.
 
Depend on what is that isnt working,maybe you should enable telnet while you update ssh so if ssh doesnt start you should use telnet for restore.

I use DELL Server with a iDRAC card that permit remote kvm so, if ssh doesnt start i can always log back form that...

Regards
 
I have problem with update.script:
Code:
server:/usr/local/updatescript# ./update.script OPENSSL



##################################################################
#
# Update.Script did not support your OS, Sorry
#
##################################################################
What I can do in fact, that my debian lenny is not supported?
 
Those are the steps that update.script does

wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
tar xvzf openssl-1.0.0d.tar.gz
cd oopenssl-1.0.0d/ ; rm -rf /usr/lib/libssl.so.0 ; rm -rf /usr/lib/libssl.so ; rm -rf /lib/libssl.so.2 ; rm -rf /usr/lib/libcrypto.so.0
./config --prefix=/usr no-threads shared ; make ; make test ; make install ; echo "/usr/local/ssl/lib" >> /etc/ld.so.conf ; /sbin/ldconfig -v
rm -f /lib/libssl.so.4 ; rm -f /usr/lib/libcrypto.so.0 ; ln -s /usr/lib/libssl.so.1.0.0 /lib/libssl.so.4 ; ln -s /usr/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.0

Hope it help.

Regards
 
Many thanks :)

I've try editing update.script (I delete a supporteddistros command and md5 checking and it work :)
I've update ssh, apache and php after updating ssl, and I see, that:
Code:
 /etc/init.d/sshd restart
Restarting OpenBSD Secure Shell server: sshd.
works, but restarting by directadmin services page gives me an error:
Code:
An error has occurred

Details
 
Does it was working before?

I use to get those error on restarting services using DA CP, but ive never took time for check what was doing wrong so i use ssh for restart services... :)

You should analize directadmin logs for check whats wrong

Regards
 
Does it was working before?
I don't know.

I've search for error in logs located in /var/log, but without success.
I'm afraid of situation, that I have to restart my machine and ssh won't start ;)

So... I added openbsd-inetd service to directadmin services.status, and I can use telnet to start ssh if autostart failed - Is this correct?
 
the fact that on directadmin you cant restart sshd doesnt really mean that sshd isnt automaticly started on startup as far as i know..
 
Back
Top