We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x
Private

OpenSSL library not found

Jorge Batres
Jorge Batres asked
on
High Priority
298 Views
Last Modified: 2018-03-07
Hi, I need your help to fix this issue. I have installed OpenSSL-1.1.0g which is required by OpenSSh-7.6p1.

During the installation of OpenSSL-1.1.0g, I encountered an error:

openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

so I applied this fix which I found online: add the path /usr/local/lib64 to /etc/ld.so.conf and run ldconfig

After that, I checked openssl version and OpenSSL-1.1.0g had been installed. I proceeded with the installation of OpenSSH-7.6p1 and at the end of the initial process, I got this error:

checking OpenSSL header version... 1010007f (OpenSSL 1.1.0g  2 Nov 2017)
checking OpenSSL library version... not found
configure: error: OpenSSL library not found.


I am following the instructions to install OpenSSH from here: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html

Please help.

Server OS Red Hat Enterprise Linux Server 7.4 (Maipo)‬

Thanks,

Jorge Batres
Comment
Watch Question

Author

Commented:
Can anybody please help?

These are the instructions I followed:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile


Now, as the root user:

make MANSUFFIX=ssl install           &&
mv -v /usr/share/doc/openssl{,-1.1.0g} &&
cp -vfr doc/* /usr/share/doc/openssl-1.1.0g

Thanks,

Jorge Batres
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Please post config.log. That will show exactly what went wrong.
Because your ./config line included --prefix=/usr there is no point in adding /usr/local/lib64. It will have put libraries in /usr/lib64 (/usr/lib if you still have a 32-bit system).

Author

Commented:
Hi Duncan and thank you for replying to my question. Please find attached the config.log file. It is quite large I think.

Thanks,

Jorge Batres
config.log

Author

Commented:
I looked at /usr/lib64 folder and it is empty. Also, I looked at /usr/lib and found this which belongs to the previous OpenSSL that was installed in the server:
 lrwxrwxrwx.  1 root root        16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx.  1 root root        16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x.  1 root root    470336 May 17  2017 libssl.so.1.0.2k

I looked at /lib and found the library there: libssl.so.1.1

I just don't know how can use it to install OpenSSH-7.6.p1

Thanks,

Jorge Batres
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Did you run ldconfig? (If you had installed via rpm, it would have. But obviously you're not doing that.).
It seems that you have the remains of an old install in /usr/lib.
It seems that you have a 32-bit system. That's fine, just change any lib64 reference you see to lib.
Sorry I have to go right now. I'm confident we can resolve this. Please post the output from
cd /usr/lib
ls -l libssl*
cd /lib
ls -l libssl*

Open in new window

Author

Commented:
Thank you Duncan, here is the output from both directories:

[root@web ~]# cd /usr/lib
[root@web lib]# ls -l libssl*
-rw-r--r-- 1 root root 768902 Jan 26 17:54 libssl.a
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so.1.1
[root@web lib]# cd /lib
[root@web lib]# ls -l libssl*
-rw-r--r-- 1 root root 768902 Jan 26 17:54 libssl.a
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so
-rwxr-xr-x 1 root root 525480 Jan 28 11:12 libssl.so.1.1
[root@web lib]#

Thanks,

Jorge Batres

Author

Commented:
Sorry; I forgot to mention that yes, I have ran ldconfig before, although I think I have reversed any changes I did to it because I wasn't sure if that was working.

Thanks,

Jorge Batres

Author

Commented:
Hi Duncan, I also ran /usr/lib64 and instead of being empty, this time, I got this:

[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
lrwxrwxrwx. 1 root root     16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
[root@web lib64]#

I'm attaching a note included in the installation folder for OpenSSL regarding linux and linking libraries. I tried this a couple of days ago, but didn't work. It might have installed the libraries to lib64 though.

Thanks,

Jorge Batres

Author

Commented:
Sorry, here is the note from OpenSSL installation
NOTES.UNIX.txt
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Now I'm really confused. Is your systen 64 or 32-bit? Please post the output from ldd /bin/bash
Also these:
file /usr/lib/libssl.so.1.1
file /usr/lib64/libssl.so.1.0.2k

Author

Commented:
I think my system is 64 bit. Here are the outputs:

[root@web ~]# ldd /bin/bash
      linux-vdso.so.1 =>  (0x00007ffd91b8c000)
      libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f0bceb50000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007f0bce94c000)
      libc.so.6 => /lib64/libc.so.6 (0x00007f0bce588000)
      /lib64/ld-linux-x86-64.so.2 (0x000055db3ef9a000)
[root@web ~]#

[root@web ~]# file /usr/lib/libssl.so.1.1
/usr/lib/libssl.so.1.1: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=67be8973b4c1e872fefae9670c7e3b4761eaed45, not stripped
[root@web ~]#


[root@web ~]# file /usr/lib64/libssl.so.1.0.2k
/usr/lib64/libssl.so.1.0.2k: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=83a75b80bd8eb0c10da10d868a3faa3cbf68ff5e, stripped
[root@web ~]#

Author

Commented:
And if I run openssl version: it seems to be installed correctly but it doesn't work with OpenSSH-7.6.p1

[root@web ~]# openssl version
OpenSSL 1.1.0g  2 Nov 2017
[root@web ~]#

[root@web ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
[root@web ~]#

Author

Commented:
Should I try to reinstall using /usr/lib64 for the library directory like this?

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=/usr/lib64          \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Try these 2 (and post output)
type -p openssl
ldd $(type -p openssl)

Author

Commented:
[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffd281c3000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007fb194a45000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007fb1945be000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007fb1943b9000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb19419d000)
      libc.so.6 => /lib64/libc.so.6 (0x00007fb193dda000)
      /lib64/ld-linux-x86-64.so.2 (0x0000558b97e88000)
[root@web ~]#
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
A 64-bit system does not normally search /usr/lib for shared objects; rather it searches /usr/lib64. But if you built openssl with -Wl,-rpath,/usr/lib then openssl, and only openssl, will pick up the new library.
If you did build openssl that way, it would be best if you would rebuild it with -Wl,-rpath,/usr/lib64
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Oh dear! You have libcrypto in /lib as well. Did it come that way or did you build it yourself?

Author

Commented:
No, I believe I did it when I tried to upgrade OpenSSL following this instructions:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile


Now, as the root user:

make MANSUFFIX=ssl install           &&
mv -v /usr/share/doc/openssl{,-1.1.0g} &&
cp -vfr doc/* /usr/share/doc/openssl-1.1.0g

Author

Commented:
I think I did apply this once:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile

Author

Commented:
Should I try like this?

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,/usr/lib64         \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
OK you have messed up your system a little bit. You should always install 64-bit libraries in lib64 (/usr or /)
I see from an old redhat-based (Fedora) install that you get a set of 32-bit libraries in lib and 64-bit libraries in lib64 by default.
You may have overwritten a few 32-bit libraries with 64-bit ones therefore.

Yes you should certainly reinstall as per your comment https:#a42453519

Author

Commented:
I tried this:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,/usr/lib64         \
         shared                \
         zlib-dynamic &&
make

no change:

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffdcfbe3000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007f22949e0000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007f2294559000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007f2294354000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2294138000)
      libc.so.6 => /lib64/libc.so.6 (0x00007f2293d75000)
      /lib64/ld-linux-x86-64.so.2 (0x0000558397ceb000)
[root@web ~]#

Author

Commented:
I think I'm going to try like this:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=/usr/lib64         \
         shared                \
         zlib-dynamic &&
make
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
NO! WRONG! ./config --prefix=/usr --openssldir=/etc/ssl --libdir=/lib64 ...

Author

Commented:
I tried it like that but no change :(

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007ffee83f4000)
      libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007fd72d768000)
      libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007fd72d2e1000)
      libdl.so.2 => /lib64/libdl.so.2 (0x00007fd72d0dc000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd72cec0000)
      libc.so.6 => /lib64/libc.so.6 (0x00007fd72cafd000)
      /lib64/ld-linux-x86-64.so.2 (0x0000556ede336000)
[root@web ~]#

Author

Commented:
[root@web ~]# file /usr/lib/libssl.so.1.1
/usr/lib/libssl.so.1.1: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=67be8973b4c1e872fefae9670c7e3b4761eaed45, not stripped
[root@web ~]#
Software Developer
CERTIFIED EXPERT
Commented:
After make install, /lib64 should contain one new file: libssl.so.1.1. It may contain new symlinks to that file. If it does not, run ldconfig and observe that symlinks are created.
In /usr/lib64 there should be one related symlink:
/usr/lib64/libssl.so -> ../../lib64/libssl.so.1.1
That file is there for building other programs (e.g. OpenSSh). There may be a set of other symlinks to ../../lib64 (my system has them, but the Fedora system didn't).
You may need to rebuild libcrypto similarly.
You should remove 64-bit items and their symlinks from lib (32-bit) directories.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Have  to go now. Do try removing stuff (you can mkdir old and mv them into that rather than plain rm)

Author

Commented:
[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
lrwxrwxrwx. 1 root root     16 Jan 18 00:12 libssl.so -> libssl.so.1.0.2k
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
[root@web lib64]#

Author

Commented:
Thank you Duncan,I will move all the 64 bit entries from my /lib folder and try again to install libraries to /lib64 directory tomorrow.

Thanks again,
Jorge Batres

Author

Commented:
Hi Duncan, I moved the libraries out of the 32 bit directory like this:

 mv /usr/lib/libssl.so.1.1 /usr/lib-old

 mv /usr/lib/libssl.a /usr/lib-old

 mv /usr/lib/libssl.so /usr/lib-old

and tried to install in 2 different ways like this:

 ./config --prefix=/usr   \
            --openssldir= /etc/ssl \
        -Wl,-rpath, /lib64        \
shared                \
         zlib-dynamic &&
make

I also tried:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         -Wl,-rpath,'$(LIBRPATH)'          \
         shared                \
         zlib-dynamic &&
make

but when I checked the openssl version, I got:

[root@web ~]# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
[root@web ~]#

I double checked the lib64 directory for the libssl.so.1.1 but they were never there; even after running ldconfig.

So I moved the libraries back to their original directory and openssl went back to the same as before, working with libraries in 32 bit directory and no libssl.so.1.1 in lib64.

Should I try to move (mv) the libraries to lib64 and try?

I did run ldconfig every time but no changes.
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Hey Jorge sorry but I'm really under the pump this morning. I suspect you are running afoul of the package config system (i.e. you have some damage to undo). In 32-bit /usr/lib/pkgconfig/, I'm guessing you need to restore libssl.pc back to
prefix=/usr
exec_prefix=${prefix}
libdir=/lib
includedir=${prefix}/include

Name: OpenSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: 1.0.2k
Requires.private: libcrypto
Libs: -L${libdir} -lssl
Libs.private: -ldl
Cflags: -I${includedir} 

Open in new window

I.e. as it was configured originally.
Sorry must finish. Google for more info. I'll get back to you when I can (may be later than today)

Author

Commented:
So I got OpenSSL=1.1.0g installed but using 32 bit libraries and cannot move them to the lib64. Found this online but I'm not sure if this applies to my server's configuration.

https://github.com/openssl/openssl/issues/3993
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
try strace to see where it's looking

Author

Commented:
Thank you Duncan. Sorry, I posted my last comment before I saw you last post.

Thanks,

Jorge

Author

Commented:
I'm not sure how to use strace here

Author

Commented:
Duncan, I tried this morning with make install as you suggested and I think it worked! Although even after running ldconfig I still see symlink to the old version.

[root@web lib64]# ldconfig
[root@web lib64]# ls -l libssl*
-rwxr-xr-x. 1 root root 315088 Sep 27 05:40 libssl3.so
-rw-r--r--  1 root root 768902 Feb  2 10:37 libssl.a
-rwxr-xr-x  1 root root 525480 Feb  2 10:37 libssl.so
lrwxrwxrwx. 1 root root     16 Jan 17 17:56 libssl.so.10 -> libssl.so.1.0.2k
-rwxr-xr-x. 1 root root 470336 May 17  2017 libssl.so.1.0.2k
-rwxr-xr-x  1 root root 525480 Feb  2 10:37 libssl.so.1.1
[root@web lib64]#

Author

Commented:
Also,

[root@web ~]# type -p openssl
/usr/bin/openssl
[root@web ~]# ldd $(type -p openssl)
      linux-vdso.so.1 =>  (0x00007fffe2750000)
      libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f3d54a12000)
      libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f3d5458a000)
      libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f3d54386000)
      libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f3d5416a000)
      libc.so.6 => /usr/lib64/libc.so.6 (0x00007f3d53da7000)
      /lib64/ld-linux-x86-64.so.2 (0x0000562188735000)
[root@web ~]#

Author

Commented:
Final step before OpenSSH-7.6.p1 installation:
With the exception of the first set of instructions which are already done, can I just proceed to install as described here?

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
With regard to https:#a42455563, it's fine that there are symlinks to old library versions: these are required so old programs keep working. However libssl.so should be a symlink to libssl.so.1.1 (they are identical - try diff)
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
With regard to https:#a42455649, I assume you mean the user and group are already set up?
It's certainly worth trying the rest now.

Author

Commented:
Hi Duncan, I was able to update to OpenSSH-7.6.p1. I am still having an issue connecting back to my server via SSH. At this time I'm still connected but I tried to establish another connection and it is giving me some errors so I ran this command and got this:

[root@web ssh]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2018-02-02 18:55:56 EST; 36s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 13384 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 13384 (code=exited, status=1/FAILURE)

Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: It is required that your private key files are NOT accessible by others.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: This private key will be ignored.
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: key_load_private: bad permissions
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Feb 02 18:55:56 web.vacationpeople.net sshd[13384]: sshd: no hostkeys available -- exiting.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: Failed to start OpenSSH server daemon.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: Unit sshd.service entered failed state.
Feb 02 18:55:56 web.vacationpeople.net systemd[1]: sshd.service failed.
[root@web ssh]#

I have opened a ticket with my service provide to see if they can troubleshoot it while I'm still connected; but for the looks of it,  seems to be a problem with permissions.

I think I'm very close to finally be done. I will let you know as soon as I can get this corrected and I will rate this question then. Thank you so much for the help you have given me so far.

Thanks,

Jorge
Duncan RoeSoftware Developer
CERTIFIED EXPERT

Commented:
Try chmod 600 /etc/ssh/ssh_host_ed25519_key

Author

Commented:
Thank you, That changed the permissions but I'm still having problems connecting so I ran this: but I don't know how to exit this and change permissions to those keys

[root@web ssh]# journalctl -xe
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: This private key will be ignored.
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: key_load_private: bad permissions
Feb 02 20:01:10 web.vacationpeople.net sshd[15584]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:01:11 web.vacationpeople.net sshd[15584]: Unable to negotiate with 122.166.191.100 port 9993: no matching host key type found. Their offer:
Feb 02 20:01:22 web.vacationpeople.net courier-pop3s[11919]: Unexpected SSL connection shutdown.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: sshd.service start operation timed out. Terminating.
Feb 02 20:01:47 web.vacationpeople.net sshd[15536]: Received signal 15; terminating.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: Unit sshd.service entered failed state.
Feb 02 20:01:47 web.vacationpeople.net systemd[1]: sshd.service failed.
Feb 02 20:01:47 web.vacationpeople.net polkitd[632]: Unregistered Authentication Agent for unix-process:15519:136579556 (system bus name :1.8964, obj
Feb 02 20:02:00 web.vacationpeople.net postfix/master[12644]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Feb 02 20:02:22 web.vacationpeople.net courier-pop3s[11919]: Unexpected SSL connection shutdown.
Feb 02 20:02:29 web.vacationpeople.net systemd[1]: sshd.service holdoff time over, scheduling restart.
Feb 02 20:02:29 web.vacationpeople.net systemd[1]: Starting OpenSSH server daemon...
-- Subject: Unit sshd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has begun starting up.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 83: Unsupported option GSSAPIAuthentication
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 84: Unsupported option GSSAPICleanupCredentials
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: /etc/ssh/sshd_config line 100: Unsupported option UsePAM
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: This private key will be ignored.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: key_load_private: bad permissions
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Could not load host key: /etc/ssh/ssh_host_rsa_key
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Server listening on 0.0.0.0 port 22.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: This private key will be ignored.
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: key_load_private: bad permissions
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:02:29 web.vacationpeople.net sshd[15601]: Server listening on :: port 22.
Feb 02 20:02:47 web.vacationpeople.net named[18333]: client 74.82.47.22#36192 (dnsscan.shadowserver.org): query (cache) 'dnsscan.shadowserver.org/A/I
Feb 02 20:02:50 web.vacationpeople.net postfix/master[12644]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 83: Unsupported option GSSAPIAuthentication
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 84: Unsupported option GSSAPICleanupCredentials
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: rexec line 100: Unsupported option UsePAM
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: This private key will be ignored.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: key_load_private: bad permissions
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: It is required that your private key files are NOT accessible by others.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: This private key will be ignored.
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: key_load_private: bad permissions
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Feb 02 20:02:50 web.vacationpeople.net sshd[15604]: Unable to negotiate with 59.124.125.152 port 1801: no matching host key type found. Their offer:
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:52 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:54 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:54 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
Feb 02 20:02:55 web.vacationpeople.net postfix/smtpd[15689]: connect from unknown[80.82.70.210]
Feb 02 20:02:56 web.vacationpeople.net postfix/smtpd[15689]: disconnect from unknown[80.82.70.210]
Feb 02 20:02:57 web.vacationpeople.net postfix/smtpd[15689]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.70.210
lines 1045-1129/1131 100%

Author

Commented:
Thank you Duncan, I was able to link/move the libraries to the lib64 directory and right after that I was able to update OpenSSh.

Thank you so much for your patience.

Jorge Batres
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.