
FreeBSD 9.0 RELEASE + sshd

Discussion in 'Installing and Upgrading FreeBSD' started by xy16644, Jun 10, 2012.

  1. xy16644

    I've just completed upgrading my system from 8.2 to 9.0 RELEASE. After the upgrade was complete I rebuilt all my ports.

    One strange thing happened with SSH. After the upgrade it wasn't running and trying to start it with:
    /etc/rc.d/sshd start

    gave the error:

    Code:
    /etc/rc.d/sshd: Command not found.
    
    After a bit of research I added this to /etc/rc.conf:
    Code:
    openssh_enable="YES"
    I also commented out the following in /etc/rc.conf:
    Code:
    #sshd_enable="YES"
    #sshd_program="/usr/local/sbin/sshd"
    After rebooting I could SSH into my server again. Did I do the correct thing here? I still can't stop/start/restart SSH with:
    /etc/rc.d/sshd start
     
  2. kpa

    Any reason why you're using sshd(8) from ports when there's one already in the base OS? The /etc/rc.d/sshd file can not be used to start the one in ports, the correct file is probably /usr/local/etc/rc.d/openssh. The service(8) utility knows automatically which one to use:

    # service openssh start
     
  3. xy16644

    Good question! When I built this server...it was running FreeBSD 7.2 and at the time I followed the instructions in the book "Building a Server with FreeBSD 7 A Modular Approach" and the way to install/configure an OpenSSH server was done from ports.

    Is there anything I should do to correct this now that I have upgraded to 9.0? I had commented out the old SSH lines in my /etc/rc.conf. Is this enough?
     
  4. kpa

    You need to copy the key files from /usr/local/etc/ssh (I think that's the correct path) to /etc/ssh and verify the settings in /etc/ssh/sshd_config that no references to /usr/local/etc/ssh remain. Then it's just
    Code:
    sshd_enable="YES"
    
    in /etc/rc.conf and # service sshd start should start the sshd correctly.

    If you have the system sources of 9.0 installed you can just copy the default configuration files from /usr/src/crypto/openssh/ssh/ssh(d)_config to /etc/ssh so you can redo the configuration from clean state.
     
  5. xy16644

    Thanks for your reply! Looks like all my config files are already in /etc/ssh. There's no reference to /usr/local/etc/ssh in /etc/ssh/sshd_config.

    If I edit /etc/rc.conf and comment out
    Code:
    openssh_enable="YES"
    but enable (or uncomment)
    Code:
    #sshd_enable="YES"
    then I get the following error when I run:

    service sshd start

    Code:
    sshd does not exist in /etc/rc.d or the local startup
    directories (/usr/local/etc/rc.d)
    So just to clarify, which is the correct built in SSH version I should be using?

    Currently the OpenSSH version is running and working fine now but I am unsure after what you have mentioned.

    Thanks!
     
  6. kpa

    I think you're missing parts of /etc/rc.d (was the openssh installed with some option that replaced the base sshd?), again if you have the system sources copy /usr/src/etc/rc.d/sshd to /etc/rc.d/ and try again.
     
  7. xy16644

    I have now copied /usr/src/etc/rc.d/sshd to /etc/rc.d/ and re-enabled
    Code:
    sshd_enable="YES"
    in /etc/rc.conf but now I get this when I try to start the sshd service:
    Code:
    /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.
    /etc/rc.d/sshd: WARNING: failed precmd routine for sshd
    
    Seem to have gotten a bit further!
     
  8. kpa

    I don't guarantee this will work so make some kind of backup of your existing ssh related files before trying it.

    # cd /usr/src/secure/usr.bin/ssh-keygen
    # make clean
    # make depend
    # make
    # make install

    Oh and it probably doesn't hurt to do the same in /usr/src/secure/usr.sbin/sshd to make sure the sshd binary is in sync with 9.0-RELEASE.
     
  9. xy16644

    Don't think this did much.

    # make clean had the following output:
    Code:
    rm -f ssh-keygen ssh-keygen.o roaming_dummy.o ssh-keygen.1.gz ssh-keygen.1.cat.gz
    
    # make depend had the following output:
    Code:
    make: don't know how to make ssh-keygen.c. Stop
    
    # make had the following output:
    Code:
    Warning: Object directory not changed from original /usr/src/secure/usr.bin/ssh-keygen
    make: don't know how to make ssh-keygen.c. Stop
    
    # make install had the following output:
    Code:
    install -s -o root -g wheel -m 555   ssh-keygen /usr/bin
    install: ssh-keygen: No such file or directory
    *** Error code 71
    
    Stop in /usr/src/secure/usr.bin/ssh-keygen.
    
    Not the right thing to do?
     
  10. kpa

    Hmm, I guess that works for me because I have done a make buildworld and the necessary files are in place at /usr/obj. You don't have to do that, you can fetch the base distribution of FreeBSD 9.0 from the ftp site and extract the needed files from that.

    # cd /tmp

    Substitute i386 with amd64 if your system is amd64.

    # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RELEASE/base.txz

    # tar -x -z -v -C / -f base.txz usr/sbin/sshd usr/bin/ssh-keygen usr/bin/ssh-add usr/bin/ssh-keyscan usr/bin/scp usr/bin/sftp usr/bin/ssh-agent

    Careful with that, you want to extract only the listed files, nothing else. Double check what you're typing.
     
  11. xy16644

    That's strange, I upgraded from source and did make buildworld.

    I've downloaded the base.txz file to my /tmp folder.

    The next bit looks scary hah! Is it basically extracting those files in the command from the base.txz file and putting them in the correct folders off the root?

    Just want to make sure I don't mess it up!
     
  12. kpa

    It will extract the files directly to correct locations. Just make sure you don't fat finger anything, extracting for example /etc by accident would overwrite your master.passwd file with an initial version of the file and you would lose all user accounts.

    If you're unsure you can leave the -C / option out and tar(1) will extract the files as /tmp/usr/sbin/sshd etc. and you can copy those manually to correct locations.
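
The staged approach described in the reply above, as an added example that is not part of the original thread: extract only the listed members into a scratch directory, report which ones differ from the live system, and list same-named copies under /usr/local. The function names (`stage_extract`, `report_diff`, `shadow_copies`, `make_sample`) are hypothetical, and `make_sample` builds a constructed plain-tar stand-in for base.txz plus a fake root so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): stage the extraction, then compare.
# Member list as posted in the thread, plus libssh.so.5 from a later reply.
WANTED="usr/sbin/sshd usr/bin/ssh-keygen usr/bin/ssh-add usr/bin/ssh-keyscan usr/bin/scp usr/bin/sftp usr/bin/ssh-agent usr/lib/libssh.so.5"

# stage_extract ARCHIVE STAGE: unpack only WANTED into STAGE, never into /.
stage_extract() {
    mkdir -p "$2" || return 1
    # tar detects the compression itself when reading an archive file.
    # $WANTED is intentionally unquoted so it splits into member names.
    tar -x -f "$1" -C "$2" $WANTED
}

# report_diff STAGE ROOT: one line per member: same, differs or missing.
report_diff() {
    for f in $WANTED; do
        if [ ! -e "$2/$f" ]; then echo "missing $f"
        elif cmp -s "$1/$f" "$2/$f"; then echo "same $f"
        else echo "differs $f"
        fi
    done
}

# shadow_copies ROOT: same-named files under ROOT/usr/local that could be
# picked up instead of the base copies.
shadow_copies() {
    for f in $WANTED; do
        for d in bin sbin lib; do
            p="usr/local/$d/$(basename "$f")"
            [ -e "$1/$p" ] && echo "$p"
        done
    done
    return 0
}

# make_sample DIR: constructed stand-ins for base.txz and a live root.
make_sample() {
    mkdir -p "$1/dist/etc" "$1/root/usr/local/sbin" || return 1
    for f in $WANTED; do
        mkdir -p "$1/dist/$(dirname "$f")" "$1/root/$(dirname "$f")"
        echo "9.0 $f" > "$1/dist/$f"
        echo "9.0 $f" > "$1/root/$f"
    done
    echo "initial accounts" > "$1/dist/etc/master.passwd"
    echo "old keygen" > "$1/root/usr/bin/ssh-keygen"   # stale binary
    rm "$1/root/usr/lib/libssh.so.5"                    # absent library
    echo "ports sshd" > "$1/root/usr/local/sbin/sshd"   # shadowing copy
    tar -c -f "$1/base.tar" -C "$1/dist" usr etc
}
```

On a real system the same calls would be `stage_extract /tmp/base.txz /tmp/stage` followed by `report_diff /tmp/stage ""` and `shadow_copies ""`, copying files into place only after reviewing the report.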
     
  13. xy16644

    Right, did all that and this is the outcome:
    Code:
    service sshd start
    
    You already have an RSA host key in /etc/ssh/ssh_host_key
    Skipping protocol version 1 RSA Key Generation
    You already have a DSA host key in /etc/ssh/ssh_host_dsa_key
    Skipping protocol version 2 DSA Key Generation
    You already have an RSA host key in /etc/ssh/ssh_host_rsa_key
    Skipping protocol version 2 RSA Key Generation
    Generating public/private ecdsa key pair.
    key_generate: unknown type 5
    /etc/rc.d/sshd: WARNING: failed precmd routine for sshd
    
    Still no luck...hasn't been a good day for SSH!
     
  14. kpa

    I think you need to extract /usr/lib/libssh.so.5 from base.txz as well using the same method.

    Also move away any old copies of those binaries and libraries you find in /usr/local/bin, /usr/local/sbin and /usr/local/lib.
     
  15. xy16644

    I can see libssh.so.5 is already in /usr/lib/libssh.so.5. Should I go ahead and overwrite it?
     
  16. kpa

    It shouldn't break anything.
     
  17. xy16644

    Woohoo, it worked! Once that file was copied across and I stopped the OpenSSH service...I could successfully start the sshd service!

    Thank you very much!

    I was wondering, would I need to do something similar to this to get my SASL problem working:

    http://forums.freebsd.org/showthread.php?t=32393

    I see that's moaning about a library file too called:
    /usr/local/lib/sasl2/libgs2.so.2
     
  18. kpa

    That sounds like a different problem to me, maybe a mismatch with GSSAPI (that's KERBEROS I think) options between some ports?
     
  19. xy16644

    Well that's the thing, I am stumped with the problem at hand. I can't rebuild the port (think it moans about krb5?). How does one handle a mismatch? Rebuild krb5? Baffled.

    PS: Rebuilding /usr/ports/security/krb5 did nothing to help.