FreeBSD 9.0 RELEASE + sshd

Postby xy16644 » 10 Jun 2012, 10:14

I've just completed upgrading my system from 8.2 to 9.0 RELEASE. After the upgrade was complete I rebuilt all my ports.

One strange thing happened with SSH. After the upgrade it wasn't running and trying to start it with:
[CMD=""]/etc/rc.d/sshd start[/CMD]

gave the error:

Code:
/etc/rc.d/sshd: Command not found.


After a bit of research I added this to [FILE]/etc/rc.conf[/FILE]:
Code:
openssh_enable="YES"


I also commented out the following in [FILE]/etc/rc.conf[/FILE]:
Code:
#sshd_enable="YES"
#sshd_program="/usr/local/sbin/sshd"


After rebooting I could SSH into my server again. Did I do the correct thing here? I still can't stop/start/restart SSH with:
[CMD=""]/etc/rc.d/sshd start[/CMD]
xy16644
Member
 
Posts: 783
Joined: 13 Jul 2009, 14:19

Postby kpa » 10 Jun 2012, 14:42

Any reason why you're using [man=8]sshd[/man] from ports when there's one already in the base OS? The [FILE]/etc/rc.d/sshd[/FILE] file can not be used to start the one in ports, the correct file is probably [FILE]/usr/local/etc/rc.d/openssh[/FILE]. The [man=8]service[/man] utility knows automatically which one to use:

[CMD="#"]service openssh start[/CMD]
kpa
MFC'd
 
Posts: 3399
Joined: 05 Jul 2010, 13:19
Location: People's Technocratic Republic of Finland

Postby xy16644 » 10 Jun 2012, 15:07

Good question! When I built this server...it was running FreeBSD 7.2 and at the time I followed the instructions in the book "Building a Server with FreeBSD 7 A Modular Approach" and the way to install/configure an OpenSSH server was done from ports.

Is there anything I should do to correct this now that I have upgraded to 9.0? I had commented out the old SSH lines in my [FILE]/etc/rc.conf[/FILE]. Is this enough?

Postby kpa » 10 Jun 2012, 15:48

You need to copy the key files from [FILE]/usr/local/etc/ssh[/FILE] (I think that's the correct path) to [FILE]/etc/ssh[/FILE] and verify the settings in [FILE]/etc/ssh/sshd_config[/FILE] that no references to [FILE]/usr/local/etc/ssh[/FILE] remain. Then it's just
Code:
sshd_enable="YES"
in [FILE]/etc/rc.conf[/FILE] and [CMD="#"]service sshd start[/CMD] should start the [FILE]sshd[/FILE] correctly.

If you have the system sources of 9.0 installed you can just copy the default configuration files from [FILE]/usr/src/crypto/openssh/ssh/ssh(d)_config[/FILE] to [FILE]/etc/ssh[/FILE] so you can redo the configuration from clean state.

Postby xy16644 » 10 Jun 2012, 16:07

Thanks for your reply! Looks like all my config files are already in [FILE]/etc/ssh[/FILE]. There's no reference to [FILE]/usr/local/etc/ssh[/FILE] in [FILE]/etc/ssh/sshd_config[/FILE].

If I edit [FILE]/etc/rc.conf[/FILE] and comment out
Code:
openssh_enable="YES"
but enable (or uncomment)
Code:
#sshd_enable="YES"
then I get the following error when I run:

[CMD=""]service sshd start[/CMD]

Code:
sshd does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)


So just to clarify, which is the correct built in SSH version I should be using?

Currently the OpenSSH version is running and working fine now but I am unsure after what you have mentioned.

Thanks!

Postby kpa » 10 Jun 2012, 16:37

I think you're missing parts of [FILE]/etc/rc.d[/FILE] (was the [FILE]openssh[/FILE] installed with some option that replaced the base [FILE]sshd[/FILE]?), again if you have the system sources copy [FILE]/usr/src/etc/rc.d/sshd[/FILE] to [FILE]/etc/rc.d/[/FILE] and try again.

Postby xy16644 » 10 Jun 2012, 16:43

I have now copied [FILE]/usr/src/etc/rc.d/sshd[/FILE] to [FILE]/etc/rc.d/[/FILE] and re-enabled
Code:
sshd_enable="YES"
in [FILE]/etc/rc.conf[/FILE] but now I get this when I try to start the sshd service:
Code:
/etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.
/etc/rc.d/sshd: WARNING: failed precmd routine for sshd


Seem to have gotten a bit further!

Postby kpa » 10 Jun 2012, 17:01

I don't guarantee this will work so make some kind of backup of your existing ssh related files before trying it.

[CMD="#"]cd /usr/src/secure/usr.bin/ssh-keygen[/CMD]
[CMD="#"]make clean[/CMD]
[CMD="#"]make depend[/CMD]
[CMD="#"]make[/CMD]
[CMD="#"]make install[/CMD]

Oh and it probably doesn't hurt to do the same in [FILE]/usr/src/secure/usr.sbin/sshd[/FILE] to make sure the [FILE]sshd[/FILE] binary is in sync with 9.0-RELEASE.

Postby xy16644 » 10 Jun 2012, 18:35

kpa wrote:I don't guarantee this will work so make some kind of backup of your existing ssh related files before trying it.

[CMD="#"]cd /usr/src/secure/usr.bin/ssh-keygen[/CMD]
[CMD="#"]make clean[/CMD]
[CMD="#"]make depend[/CMD]
[CMD="#"]make[/CMD]
[CMD="#"]make install[/CMD]

Oh and it probably doesn't hurt to do the same in [FILE]/usr/src/secure/usr.sbin/sshd[/FILE] to make sure the [FILE]sshd[/FILE] binary is in sync with 9.0-RELEASE.


Don't think this did much.

[CMD="#"]make clean[/CMD] had the following output:
Code:
rm -f ssh-keygen ssh-keygen.o roaming_dummy.o ssh-keygen.1.gz ssh-keygen.1.cat.gz


[CMD="#"]make depend[/CMD] had the following output:
Code:
make: don't know how to make ssh-keygen.c. Stop


[CMD="#"]make[/CMD] had the following output:
Code:
Warning: Object directory not changed from original /usr/src/secure/usr.bin/ssh-keygen
make: don't know how to make ssh-keygen.c. Stop


[CMD="#"]make install[/CMD] had the following output:
Code:
install -s -o root -g wheel -m 555   ssh-keygen /usr/bin
install: ssh-keygen: No such file or directory
*** Error code 71

Stop in /usr/src/secure/usr.bin/ssh-keygen.


Not the right thing to do?

Postby kpa » 10 Jun 2012, 19:19

Hmm, I guess that works for me because I have done a [cmd=]make buildworld[/cmd] and the necessary files are in place at [FILE]/usr/obj[/FILE]. You don't have to do that, you can fetch the base distribution of FreeBSD 9.0 from the ftp site and extract the needed files from that.

[CMD="#"]cd /tmp[/CMD]

Substitute [FILE]i386[/FILE] with [FILE]amd64[/FILE] if your system is [FILE]amd64[/FILE].

[CMD="#"]fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RELEASE/base.txz[/CMD]

[CMD="#"]tar -x -z -v -C / -f base.txz usr/sbin/sshd usr/bin/ssh-keygen usr/bin/ssh-add usr/bin/ssh-keyscan usr/bin/scp usr/bin/sftp usr/bin/ssh-agent[/CMD]

Careful with that, you want to extract only the listed files, nothing else. Double check what you're typing.

Postby xy16644 » 10 Jun 2012, 19:41

That's strange, I upgraded from source and did [cmd=]make buildworld[/cmd]

I've downloaded the [FILE]base.txz[/FILE] file to my [FILE]/tmp[/FILE] folder.

The next bit looks scary hah! Is it basically extracting those files in the command from the [FILE]base.txz[/FILE] file and putting them in the correct folders off the root?

Just want to make sure I don't mess it up!

Postby kpa » 10 Jun 2012, 19:44

It will extract the files directly to correct locations. Just make sure you don't fat finger anything, extracting for example [FILE]/etc[/FILE] by accident would overwrite your [FILE]master.passwd[/FILE] file with an initial version of the file and you would lose all user accounts.

If you're unsure you can leave the [FILE]-C /[/FILE] option out and [man=1]tar[/man] will extract the files as [FILE]/tmp/usr/sbin/sshd[/FILE] etc. and you can copy those manually to correct locations.
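The staged variant described in the post above (leave out [FILE]-C /[/FILE], inspect, then copy by hand), written as an added example that is not part of the original posts. The function names, the checksum argument and the refusal of [FILE]etc[/FILE] members are assumptions of this example; the expected SHA-256 is a value you supply from the release's published checksums.

```shell
#!/bin/sh
# Added example (not from the thread): stage an allow-list of files from a
# release archive instead of extracting straight into /.

# Members named in kpa's posts (libssh.so.5 comes from a later post).
SSH_MEMBERS="usr/sbin/sshd usr/bin/ssh-keygen usr/bin/ssh-add usr/bin/ssh-keyscan
usr/bin/scp usr/bin/sftp usr/bin/ssh-agent usr/lib/libssh.so.5"

# file_sha256 FILE: print the SHA-256 with whichever tool the host provides.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1; fi
}

# stage_members ARCHIVE SHA256 STAGEDIR MEMBER...
# Checks the archive hash, extracts only the named members into a fresh
# STAGEDIR, and fails if anything other than those members ends up there.
stage_members() {
    archive=$1 want_sum=$2 stage=$3; shift 3
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }
    [ "$(file_sha256 "$archive")" = "$want_sum" ] ||
        { echo "checksum mismatch for $archive" >&2; return 3; }
    for m in "$@"; do
        case $m in   # assumption: never stage absolute, ../ or etc paths
            /*|*..*|etc|etc/*) echo "refusing member: $m" >&2; return 4 ;;
        esac
    done
    mkdir "$stage" || return 5          # stage directory must not already exist
    tar -x -f "$archive" -C "$stage" "$@" || return 6
    staged=$(cd "$stage" && find . ! -type d | sed 's|^\./||' | sort)
    wanted=$(printf '%s\n' "$@" | sort)
    [ "$staged" = "$wanted" ] || { echo "unexpected files staged" >&2; return 7; }
}

# changed_files STAGEDIR [ROOT]: list staged files that differ from the live ones.
changed_files() {
    root=${2:-/}
    (cd "$1" && find . ! -type d | sed 's|^\./||' | sort) | while read -r f; do
        cmp -s "$1/$f" "${root%/}/$f" || echo "$f"
    done
}
```

Called as `stage_members base.txz <expected-sha256> /tmp/stage $SSH_MEMBERS`, it leaves the live system untouched; `changed_files /tmp/stage` then shows which binaries would actually be replaced before you copy them into place.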

Postby xy16644 » 10 Jun 2012, 19:50

kpa wrote:It will extract the files directly to correct locations. Just make sure you don't fat finger anything, extracting for example [FILE]/etc[/FILE] by accident would overwrite your [FILE]master.passwd[/FILE] file with an initial version of the file and you would lose all user accounts.

If you're unsure you can leave the [FILE]-C /[/FILE] option out and [man=1]tar[/man] will extract the files as [FILE]/tmp/usr/sbin/sshd[/FILE] etc. and you copy those manually to correct locations.


Right, did all that and this is the outcome:
Code:
service sshd start

You already have an RSA host key in /etc/ssh/ssh_host_key
Skipping protocol version 1 RSA Key Generation
You already have a DSA host key in /etc/ssh/ssh_host_dsa_key
Skipping protocol version 2 DSA Key Generation
You already have an RSA host key in /etc/ssh/ssh_host_rsa_key
Skipping protocol version 2 RSA Key Generation
Generating public/private ecdsa key pair.
key_generate: unknown type 5
/etc/rc.d/sshd: WARNING: failed precmd routine for sshd


Still no luck...hasn't been a good day for SSH!

Postby kpa » 10 Jun 2012, 20:30

I think you need to extract [FILE]/usr/lib/libssh.so.5[/FILE] from [FILE]base.txz[/FILE] as well using the same method.

Also move away any old copies of those binaries and libraries you find in [FILE]/usr/local/bin[/FILE], [FILE]/usr/local/sbin[/FILE] and [FILE]/usr/local/lib[/FILE].

Postby xy16644 » 10 Jun 2012, 20:32

I can see [FILE]libssh.so.5[/FILE] is already in [FILE]/usr/lib/libssh.so.5[/FILE]. Should I go ahead and overwrite it?

Postby kpa » 10 Jun 2012, 20:35

It shouldn't break anything.

Postby xy16644 » 10 Jun 2012, 20:43

Woohoo, it worked! Once that file was copied across and I stopped the OpenSSH service...I could successfully start the sshd service!

Thank you very much!

I was wondering, would I need to do something similar to this to get my SASL problem working:

http://forums.freebsd.org/showthread.php?t=32393

I see that's moaning about a library file too called:
[FILE]/usr/local/lib/sasl2/libgs2.so.2[/FILE]

Postby kpa » 10 Jun 2012, 20:48

That sounds like a different problem to me, maybe a mismatch with GSSAPI (that's KERBEROS I think) options between some ports?

Postby xy16644 » 10 Jun 2012, 20:51

Well that's the thing, I am stumped with the problem at hand. I can't rebuild the port (think it moans about [FILE]krb5[/FILE]?). How does one handle a mismatch? Rebuild [FILE]krb5[/FILE]? Baffled.

PS: Rebuilding [FILE]/usr/ports/security/krb5[/FILE] did nothing to help.

