Upgrading SSH on CentOS 5 - RPM Build Error

Hi there,

I'm trying to upgrade OpenSSH from 4.3p2 to 5.8p1
I'm following instructions from: http://dancunningham.co.uk/2011/06/22/upgrade-openssh-on-centos-5/

When I started, 5.8p2  so I just changed it to 5.8p1 and downloaded it myself.

However I get right to the end at rpm build then get an error - I copied in below the error log

#!/bin/sh

  RPM_SOURCE_DIR="/usr/src/redhat/SOURCES"
  RPM_BUILD_DIR="/usr/src/redhat/BUILD"
  RPM_OPT_FLAGS="-O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables"
  RPM_ARCH="i386"
  RPM_OS="linux"
  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS
  RPM_DOC_DIR="/usr/share/doc"
  export RPM_DOC_DIR
  RPM_PACKAGE_NAME="openssh"
  RPM_PACKAGE_VERSION="5.8p1"
  RPM_PACKAGE_RELEASE="1"
  export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE
  RPM_BUILD_ROOT="/var/tmp/openssh-5.8p1-buildroot"
  export RPM_BUILD_ROOT
 
  PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/share/pkgconfig"
  export PKG_CONFIG_PATH
 
  set -x
  umask 022
  cd "/usr/src/redhat/BUILD"
cd 'openssh-5.8p1'

K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
echo K5DIR=$K5DIR


  CFLAGS="${CFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export CFLAGS ;
  CXXFLAGS="${CXXFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export CXXFLAGS ;
  FFLAGS="${FFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export FFLAGS ;
  ./configure --host=i686-redhat-linux-gnu --build=i686-redhat-linux-gnu \
      --target=i386-redhat-linux \
      --program-prefix= \
       --prefix=/usr \
      --exec-prefix=/usr \
      --bindir=/usr/bin \
      --sbindir=/usr/sbin \
      --sysconfdir=/etc \
      --datadir=/usr/share \
      --includedir=/usr/include \
      --libdir=/usr/lib \
      --libexecdir=/usr/libexec \
      --localstatedir=/var \
      --sharedstatedir=/usr/com \
      --mandir=/usr/share/man \
      --infodir=/usr/share/info \
      --sysconfdir=/etc/ssh \
      --libexecdir=/usr/libexec/openssh \
      --datadir=/usr/share/openssh \
      --with-tcp-wrappers \
      --with-rsh=/usr/bin/rsh \
      --with-default-path=/usr/local/bin:/bin:/usr/bin \
      --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
      --with-privsep-path=/var/empty/sshd \
      --with-md5-passwords \
      --with-pam \
       --with-kerberos5=$K5DIR \



make


# Define a variable to toggle gnome1/gtk2 building.  This is necessary
# because RPM doesn't handle nested %if statements.
%if 1
gtk2=yes
%else
      gtk2=no
%endif


exit 0

Any ideas?
LVL 1
Luke_flemingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kanalQkoTechnical Support EngineerCommented:
add Fedora repo to your local yum repos and just type in terminal "yum update openssh" that`s all (probably priority should be changed too)

to add fedora/epel repo run following command "rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm"
when done you could update/install openssh via yum
0
kanalQkoTechnical Support EngineerCommented:
or if you won`t add epel repo, just download that package http://pkgs.org/centos-5-rhel-5/centalt-i386/openssh-5.8p2-16.el5.1.i386.rpm.html (choose i386 or x64)
and install it via RPM or YUM
0
Kerem ERSOYPresidentCommented:
Hi,

If you want to use a precompiled binary you can get it from a repo as the lanalQko indicated.

But if you want to see ehat is wrong with the compilation you should post the error message here. When I wanted to compile I had 2 problems:

- The first one was the error that you have got. I've fixed it by installing pam-devel since it was looking for some pam header files and they are located in pam-devel:
yum install pam-devel

Open in new window

- Then I had a problem with documentation. It was looking for some WARNING* documentation to copy but could not find them there. To fix this I've edited the spec.file and changed the line to read like the second one (Removing WARNING* ):
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*

Open in new window

%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO

Open in new window

After this it has successfully finished the compile.
Obsoletes: ssh-server
Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/openssh-5.9p1-buildroot
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-5.9p1-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-clients-5.9p1-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-server-5.9p1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.27268

Open in new window


I hope this helps.

Cheers,
K.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Luke_flemingAuthor Commented:
Hi,

So first of all I tried installing Fedora repo:

<code>-bash-3.2# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8e45768 ctrl 0x95b2910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#</code>

And then I tried loading the OpenSSH package directly:

<code>-bash-3.2# rpm -Uvh http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
Retrieving http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
error: Failed dependencies:
        openssh = 5.8p2-16.el5.1 is needed by openssh-server-5.8p2-16.el5.1.i386
-bash-3.2#</code>


I believe I'm getting these errors becuase in CentOS 5 there are no repos for OpenSSH 4.4+
which is why I was building my own RPM from those instructions in my first post.

KeremE - I will try you solution shortly - see what we get!

Thanks,
0
Kerem ERSOYPresidentCommented:
Hi,

<code>-bash-3.2# rpm -Uvh http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
Retrieving http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
error: Failed dependencies:
        openssh = 5.8p2-16.el5.1 is needed by openssh-server-5.8p2-16.el5.1.i386
-bash-3.2#</code>

You should have 3 rpms ready to install the new version As you can see from what I've posted these are:

openssh-5.9p1-1.x86_64.rpm   or the equivalent i386 version (replace x86_64 with i386)
openssh-clients-5.9p1-1.x86_64.rpm
openssh-server-5.9p1-1.x86_64.rpm

You can not install them successfully without downloading all 3 of them. They all dependent on each other.

KeremE - I will try you solution shortly - see what we get!

Just take your time.

Cheers,
K.
0
kanalQkoTechnical Support EngineerCommented:
If you will configure yum repos properly, then it will install dependencies automatically,
It's better to use yum than rpm installer
0
Kerem ERSOYPresidentCommented:
<code>-bash-3.2# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8e45768 ctrl 0x95b2910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#</code>

Even if you2d succeededt it would not work you're trying to install RHRL 6 version of EPEL. AFAIK you use RHEL 5 !!!
0
kanalQkoTechnical Support EngineerCommented:
KeremE has right therefore you could use EPEL 5 repo

"rpm -ivh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm"
0
Luke_flemingAuthor Commented:
Now I'm getting this when trying EPEL 5:

-bash-3.2# rpm -ivh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8a18768 ctrl 0x9185910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#
0
kanalQkoTechnical Support EngineerCommented:
download it manually via wget

cd /tmp
wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm
0
Luke_flemingAuthor Commented:
"package epel-release-5-4.noarch is already installed"


I've already tried yum update openssh

But there are no updates for it on my version of Centos 5. So this takes me back to im pretty sure that there is no predefined binaried to upgrade openssh on CentOS 5 ? Anyone know of any others?
0
kanalQkoTechnical Support EngineerCommented:
in that case you could follow up this:

http://survivalguides.wordpress.com/2011/05/20/installing-openssh-5-8-centos-5-5/

I know, you have already followed up similar guide
0
Luke_flemingAuthor Commented:
I managed to build the RPM by following KeremE's instructions, now I have the three RPM's I need they wont install


-bash-3.2# rpm -Uvh *.rpm
error: Failed dependencies:
        openssh = 4.3p2-82.el5 is needed by (installed) openssh-askpass-4.3p2-82.el5.i386


I believe this is an update for OpenSSH 4.3p2
Obviously - this isnt available by doing yum update openssh....

Any ideas?

Thanks!
0
Kerem ERSOYPresidentCommented:
I've already tried yum update openssh

But there are no updates for it on my version of Centos 5. So this takes me back to im pretty sure that there is no predefined binaried to upgrade openssh on CentOS 5 ? Anyone know of any others?

I don2t think it is possible to replace CentOS supplied OpenSSH over the existing repos. You'll either remove openssh and reinstall using yum after disabling base and updates libraries and enabling epel library. Or you'll need to compile it as I've suggested earlier.

Another option is to get all three rpms and install them manually.

Cheers,
K.
0
kanalQkoTechnical Support EngineerCommented:
that`s right, anyway I`d recommend you to upgrade whole OS, centos 5 is quite old
0
Luke_flemingAuthor Commented:
upgrading centOS 5 is a massive job though - especially we have to do it remotely.
I know this is the ideal situation.  Is there any good online guides? Maybe I can start planning it.

Thanks
0
Kerem ERSOYPresidentCommented:
-bash-3.2# rpm -Uvh *.rpm
error: Failed dependencies:
        openssh = 4.3p2-82.el5 is needed by (installed) openssh-askpass-4.3p2-82.el5.i386


I believe this is an update for OpenSSH 4.3p2
Obviously - this isnt available by doing yum update openssh....

You'll first need to remove the existing OpenSSH askpass module.  Newly compiled rpms do not have a rpm for askpass and therefore it remains there. When it remains it would need the base openssh module. This is a clash. So first remove the SSH askpass module using this command:
rpm -ev openssh-askpass| 

Open in new window


Then do the install using rpms.

Cheers,
K.
0
Kerem ERSOYPresidentCommented:
upgrading centOS 5 is a massive job though - especially we have to do it remotely.
I know this is the ideal situation.  Is there any good online guides? Maybe I can start planning it.

If all you need is just a new OpsnSSH upgrading the whole system to CentOS 6 is an overkill. CentOS 5 will have support for 1-2 years more so you can plan the upgrade for a later time.

for the time being removing the ask-pass module should do..

Cheers,
K.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Luke_flemingAuthor Commented:
Amazing!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.