OpenSSL library not found

Hi, I need your help to fix this issue. I have installed OpenSSL-1.1.0g which is required by OpenSSh-7.6p1.

During the installation of OpenSSL-1.1.0g, I encountered an error:

openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

so I applied this fix which I found online: add the path /usr/local/lib64 to /etc/ld.so.conf and run ldconfig

After that, I checked openssl version and OpenSSL-1.1.0g had been installed. I proceeded with the installation of OpenSSH-7.6p1 and at the end of the initial process, I got this error:

checking OpenSSL header version... 1010007f (OpenSSL 1.1.0g  2 Nov 2017)
checking OpenSSL library version... not found
configure: error: OpenSSL library not found.


I am following the instructions to install OpenSSH from here: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html

Please help.

Server OS Red Hat Enterprise Linux Server 7.4 (Maipo)‬

Thanks,

Jorge Batres
Jorge BatresAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jorge BatresAuthor Commented:
Can anybody please help?

These are the instructions I followed:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile


Now, as the root user:

make MANSUFFIX=ssl install           &&
mv -v /usr/share/doc/openssl{,-1.1.0g} &&
cp -vfr doc/* /usr/share/doc/openssl-1.1.0g

Thanks,

Jorge Batres
Duncan RoeSoftware DeveloperCommented:
Please post config.log. That will show exactly what went wrong.
Because your ./config line included --prefix=/usr there is no point in adding /usr/local/lib64. It will have put libraries in /usr/lib64 (/usr/lib if you still have a 32-bit system).
Jorge BatresAuthor Commented:
Hi Duncan and thank you for replying to my question. Please find attached the config.log file. It is quite large I think.

Thanks,

Jorge Batres
config.log
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Jorge BatresAuthor Commented:
I looked at /usr/lib64 folder and it is empty. Also, I looked at /usr/lib and found this which belongs to the previous OpenSSL that was installed in the server:
 lrwxrwxrwx.  1 root root        16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx.  1 root root        16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x.  1 root root    470336 May 17  2017 libssl.so.1.0.2k

I looked at /lib and found the library there: libssl.so.1.1

I just don't know how can use it to install OpenSSH-7.6.p1

Thanks,

Jorge Batres
Duncan RoeSoftware DeveloperCommented:
Did you run ldconfig? (If you had installed via rpm, it would have. But obviously you're not doing that.).
It seems that you have the remains of an old install in /usr/lib.
It seems that you have a 32-bit system. That's fine, just change any lib64 reference you see to lib.
Sorry I have to go right now. I'm confident we can resolve this. Please post the output from
cd /usr/lib
ls -l libssl*
cd /lib
ls -l libssl*

Open in new window

Jorge BatresAuthor Commented:
Thank you Duncan, here is the output from both directories:

[root@web ~]# cd /usr/lib
[root@web lib]# ls -l libssl*
-rw-r--r-- 1 root root 768902 Jan 26 17:54 libssl.a
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so.1.1
[root@web lib]# cd /lib
[root@web lib]# ls -l libssl*
-rw-r--r-- 1 root root 768902 Jan 26 17:54 libssl.a
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so.1.1
[root@web lib]#

Thanks,

Jorge Batres
Jorge BatresAuthor Commented:
Sorry; I forgot to mention that yes, I have ran ldconfig before, although I think I have reversed any changes I did to it because I wasn't sure if that was working.

Thanks,

Jorge Batres
Jorge BatresAuthor Commented:
Hi Duncan, I also ran /usr/lib64 and instead of being empty, this time, I got this:

[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
lrwxrwxrwx. 1 root root     16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
[root@web lib64]#

I'm attaching a note included in the installation folder for OpenSSL regarding linux and linking libraries. I tried this a couple of days ago, but didn't work. It might have installed the libraries to lib64 though.

Thanks,

Jorge Batres
Jorge BatresAuthor Commented:
Sorry, here is the note from OpenSSL installation
NOTES.UNIX.txt
Duncan RoeSoftware DeveloperCommented:
Now I'm really confused. Is your systen 64 or 32-bit? Please post the output from ldd /bin/bash
Also these:
file /usr/lib/libssl.so.1.1
file /usr/lib64/libssl.so.1.0.2k
Jorge BatresAuthor Commented:
I think my system is 64 bit. Here are the outputs:

[root@web ~]# ldd /bin/bash
      linux-vdso.so.1 =>  (0x00007ffd91b8c000)
      libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f0bceb50000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007f0bce94c000)
      libc.so.6 => /lib64/libc.so.6 (0x00007f0bce588000)
      /lib64/ld-linux-x86-64.so.2 (0x000055db3ef9a000)
[root@web ~]#

[root@web ~]# file /usr/lib/libssl.so.1.1
/usr/lib/libssl.so.1.1: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=67be8973b4c1e872fefae9670c7e3b4761eaed45, not stripped
[root@web ~]#


[root@web ~]# file /usr/lib64/libssl.so.1.0.2k
/usr/lib64/libssl.so.1.0.2k: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=83a75b80bd8eb0c10da10d868a3faa3cbf68ff5e, stripped
[root@web ~]#
Jorge BatresAuthor Commented:
And if I run openssl version: it seems to be installed correctly but it doesn't work with OpenSSH-7.6.p1

[root@web ~]# openssl version
OpenSSL 1.1.0g  2 Nov 2017
[root@web ~]#

[root@web ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@web ~]#
Jorge BatresAuthor Commented:
Should I try to reinstall using /usr/lib64 for the library directory like this?

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=/usr/lib64          \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware DeveloperCommented:
Try these 2 (and post output)
type -p openssl
ldd $(type -p openssl)
Jorge BatresAuthor Commented:
[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffd281c3000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007fb194a45000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007fb1945be000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007fb1943b9000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb19419d000)
      libc.so.6 => /lib64/libc.so.6 (0x00007fb193dda000)
      /lib64/ld-linux-x86-64.so.2 (0x0000558b97e88000)
[root@web ~]#
Duncan RoeSoftware DeveloperCommented:
A 64-bit system does not normally search /usr/lib for shared objects; rather it searches /usr/lib64. But if you built openssl with -Wl,-rpath,/usr/lib then openssl, and only openssl, will pick up the new library.
If you did build openssl that way, it would be best if you would rebuild it with -Wl,-rpath,/usr/lib64
Duncan RoeSoftware DeveloperCommented:
Oh dear! You have libcrypto in /lib as well. Did it come that way or did you build it yourself?
Jorge BatresAuthor Commented:
No, I believe I did it when I tried to upgrade OpenSSL following this instructions:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile


Now, as the root user:

make MANSUFFIX=ssl install           &&
mv -v /usr/share/doc/openssl{,-1.1.0g} &&
cp -vfr doc/* /usr/share/doc/openssl-1.1.0g
Jorge BatresAuthor Commented:
I think I did apply this once:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile
Jorge BatresAuthor Commented:
Should I try like this?

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,/usr/lib64         \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware DeveloperCommented:
OK you have messed up your system a little bit. You should always install 64-bit libraries in lib64 (/usr or /)
I see from an old redhat-based (Fedora) install that you get a set of 32-bit libraries in lib and 64-bit libraries in lib64 by default.
You may have overwritten a few 32-bit libraries with 64-bit ones therefore.

Yes you should certainly reinstall as per your comment https:#a42453519
Jorge BatresAuthor Commented:
I tried this:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,/usr/lib64         \
         shared                \
         zlib-dynamic &&
make

no change:

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffdcfbe3000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007f22949e0000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007f2294559000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007f2294354000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2294138000)
      libc.so.6 => /lib64/libc.so.6 (0x00007f2293d75000)
      /lib64/ld-linux-x86-64.so.2 (0x0000558397ceb000)
[root@web ~]#
Jorge BatresAuthor Commented:
I think I'm going to try like this:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=/usr/lib64         \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware DeveloperCommented:
NO! WRONG! ./config --prefix=/usr --openssldir=/etc/ssl --libdir=/lib64 ...
Jorge BatresAuthor Commented:
I tried it like that but no change :(

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffee83f4000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007fd72d768000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007fd72d2e1000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007fd72d0dc000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd72cec0000)
      libc.so.6 => /lib64/libc.so.6 (0x00007fd72cafd000)
      /lib64/ld-linux-x86-64.so.2 (0x0000556ede336000)
[root@web ~]#
Jorge BatresAuthor Commented:
[root@web ~]# file /usr/lib/libssl.so.1.1
/usr/lib/libssl.so.1.1: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=67be8973b4c1e872fefae9670c7e3b4761eaed45, not stripped
[root@web ~]#
Duncan RoeSoftware DeveloperCommented:
After make install, /lib64 should contain one new file: libssl.so.1.1. It may contain new symlinks to that file. If it does not, run ldconfig and observe that symlinks are created.
In /usr/lib64 there should be one related symlink:
/usr/lib64/libssl.so -> ../../lib64/libssl.so.1.1
That file is there for building other programs (e.g. OpenSSh). There may be a set of other symlinks to ../../lib64 (my system has them, but the Fedora system didn't).
You may need to rebuild libcrypto similarly.
You should remove 64-bit items and their symlinks from lib (32-bit) directories.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Duncan RoeSoftware DeveloperCommented:
Have  to go now. Do try removing stuff (you can mkdir old and mv them into that rather than plain rm)
Jorge BatresAuthor Commented:
[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
lrwxrwxrwx. 1 root root     16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
[root@web lib64]#
Jorge BatresAuthor Commented:
Thank you Duncan,I will move all the 64 bit entries from my /lib folder and try again to install libraries to /lib64 directory tomorrow.

Thanks again,
Jorge Batres
Jorge BatresAuthor Commented:
Hi Duncan, I moved the libraries out of the 32 bit directory like this:

 mv /usr/lib/libssl.so.1.1 /usr/lib-old

 mv /usr/lib/libssl.a /usr/lib-old

 mv /usr/lib/libssl.so /usr/lib-old

and tried to install in 2 different ways like this:

 ./config --prefix=/usr   \
            --openssldir= /etc/ssl \
        -Wl,-rpath, /lib64        \
shared                \
         zlib-dynamic &&
make

I also tried:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,'$(LIBRPATH)'          \
         shared                \
         zlib-dynamic &&
make

but when I checked the openssl version, I got:

[root@web ~]# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
[root@web ~]#

I double checked the lib64 directory for the libssl.so.1.1 but they were never there; even after running ldconfig.

So I moved the libraries back to their original directory and openssl went back to the same as before, working with libraries in 32 bit directory and no libssl.so.1.1 in lib64.

Should I try to move (mv) the libraries to lib64 and try?

I did run ldconfig every time but no changes.
Duncan RoeSoftware DeveloperCommented:
Hey Jorge sorry but I'm really under the pump this morning. I suspect you are running afoul of the package config system (i.e. you have some damage to undo). In 32-bit /usr/lib/pkgconfig/, I'm guessing you need to restore libssl.pc back to
prefix=/usr
exec_prefix=${prefix}
libdir=/lib
includedir=${prefix}/include

Name: OpenSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: 1.0.2k
Requires.private: libcrypto
Libs: -L${libdir} -lssl
Libs.private: -ldl
Cflags: -I${includedir} 

Open in new window

I.e. as it was configured originally.
Sorry must finish. Google for more info. I'll get back to you when I can (may be later than today)
Jorge BatresAuthor Commented:
So I got OpenSSL=1.1.0g installed but using 32 bit libraries and cannot move them to the lib64. Found this online but I'm not sure if this applies to my server's configuration.

https://github.com/openssl/openssl/issues/3993
Duncan RoeSoftware DeveloperCommented:
try strace to see where it's looking
Jorge BatresAuthor Commented:
Thank you Duncan. Sorry, I posted my last comment before I saw you last post.

Thanks,

Jorge
Jorge BatresAuthor Commented:
I'm not sure how to use strace here
Jorge BatresAuthor Commented:
Duncan, I tried this morning with make install as you suggested and I think it worked! Although even after running ldconfig I still see symlink to the old version.

[root@web lib64]# ldconfig
[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
-rw-r--r--  1 root root 768902 Feb  2 10:37 libssl.a
-rwxr-xr-x  1 root root 525480 Feb  2 10:37 libssl.so
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
-rwxr-xr-x  1 root root 525480 Feb  2 10:37 libssl.so.1.1
[root@web lib64]#
Jorge BatresAuthor Commented:
Also,

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007fffe2750000)
      libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f3d54a12000)
      libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f3d5458a000)
      libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f3d54386000)
      libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f3d5416a000)
      libc.so.6 => /usr/lib64/libc.so.6 (0x00007f3d53da7000)
      /lib64/ld-linux-x86-64.so.2 (0x0000562188735000)
[root@web ~]#
Jorge BatresAuthor Commented:
Final step before OpenSSH-7.6.p1 installation:
With the exception of the first set of instructions which are already done, can I just proceed to install as described here?

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html
Duncan RoeSoftware DeveloperCommented:
With regard to https:#a42455563, it's fine that there are symlinks to old library versions: these are required so old programs keep working. However libssl.so should be a symlink to libssl.so.1.1 (they are identical - try diff)
Duncan RoeSoftware DeveloperCommented:
With regard to https:#a42455649, I assume you mean the user and group are already set up?
It's certainly worth trying the rest now.
Jorge BatresAuthor Commented:
Hi Duncan, I was able to update to OpenSSH-7.6.p1. I am still having an issue connecting back to my server via SSH. At this time I'm still connected but I tried to establish another connection and it is giving me some errors so I ran this command and got this:

[root@web ssh]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2018-02-02 18:55:56 EST; 36s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 13384 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 13384 (code=exited, status=1/FAILURE)

Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: It is required that your private key files are NOT accessible by others.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: This private key will be ignored.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: key_load_private: bad permissions
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: sshd: no hostkeys available -- exiting.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: Failed to start OpenSSH server daemon.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: Unit sshd.service entered failed state.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: sshd.service failed.
[root@web ssh]#

I have opened a ticket with my service provide to see if they can troubleshoot it while I'm still connected; but for the looks of it,  seems to be a problem with permissions.

I think I'm very close to finally be done. I will let you know as soon as I can get this corrected and I will rate this question then. Thank you so much for the help you have given me so far.

Thanks,

Jorge
Duncan RoeSoftware DeveloperCommented:
Try chmod 600 /etc/ssh/ssh_host_ed25519_key
Jorge BatresAuthor Commented:
Thank you, That changed the permissions but I'm still having problems connecting so I ran this: but I don't know how to exit this and change permissions to those keys

[root@web ssh]# journalctl -xe
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: This private key will be ignored.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: key_load_private: bad permissions
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:01:11 web.vacationpeople.net sshd[15584]: Unable to negotiate with 122.166.191.100 port 9993: no matching host key type found. Their offer:
Feb 02 20:01:22 web.vacationpeople.net courier-pop3s[11919]: Unexpected SSL connection shutdown.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: sshd.service start operation timed out. Terminating.
Feb 02 20:01:47 web.vacationpeople.net sshd[15536]: Received signal 15; terminating.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: Unit sshd.service entered failed state.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: sshd.service failed.
Feb 02 20:01:47 web.vacationpeople.net polkitd[632]: Unregistered Authentication Agent for unix-process:15519:136579556 (system bus name :1.8964, obj
Feb 02 20:02:00 web.vacationpeople.net postfix/master[12644]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Feb 02 20:02:22 web.vacationpeople.net courier-pop3s[11919]: Unexpected SSL connection shutdown.
Feb 02 20:02:29 web.vacationpeople.net systemd[1]: sshd.service holdoff time over, scheduling restart.
Feb 02 20:02:29 web.vacationpeople.net systemd[1]: Starting OpenSSH server daemon...
-- Subject: Unit sshd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has begun starting up.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 83: Unsupported option GSSAPIAuthentication
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 84: Unsupported option GSSAPICleanupCredentials
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 100: Unsupported option UsePAM
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: This private key will be ignored.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: key_load_private: bad permissions
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Could not load host key: /etc/ssh/ssh_host_rsa_key
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Server listening on 0.0.0.0 port 22.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: This private key will be ignored.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: key_load_private: bad permissions
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Server listening on :: port 22.
Feb 02 20:02:47 web.vacationpeople.net named[18333]: client 74.82.47.22#36192 (dnsscan.shadowserver.org): query (cache) 'dnsscan.shadowserver.org/A/I
Feb 02 20:02:50 web.vacationpeople.net postfix/master[12644]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 83: Unsupported option GSSAPIAuthentication
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 84: Unsupported option GSSAPICleanupCredentials
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 100: Unsupported option UsePAM
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: This private key will be ignored.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: key_load_private: bad permissions
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: This private key will be ignored.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: key_load_private: bad permissions
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: Unable to negotiate with 59.124.125.152 port 1801: no matching host key type found. Their offer:
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:54 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:54 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:56 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:57 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
lines 1045-1129/1131 100%
Jorge BatresAuthor Commented:
Thank you Duncan, I was able to link/move the libraries to the lib64 directory and right after that I was able to update OpenSSh.

Thank you so much for your patience.

Jorge Batres
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.