Security
cancel
Showing results for 
Search instead for 
Did you mean: 

OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

 
Highlighted
H.Merijn Brand (procura
Honored Contributor

OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

OpenSSH-7.0p1 comes with a lot of changes that I was eagerly awaiting. I seldom cheer with every change a new release has, but this one really made my day.

 

SHA1 sums plus direct links:
9d18173d3740599167c11511d219b8a7acf3c90d openssh-7.0p1-10.20.sd.bz (32bit)
0fb1636749d6a1896a593629d0ea871132186013 openssh-7.0p1-11.00.sd.bz (32bit)
31571aa5290f73925f94949d7c1efdd932957096 openssh-7.0p1-11.11.sd.bz (64bit)
bca87b5cf9ecbcb9b715d82f393a3f65cda82cdb openssh-7.0p1-11.23-pa2.sd.bz (64bit)
475e881af54a3eebd5c620ef50de684e3a3fdc97 openssh-7.0p1-11.23.sd.bz (64bit)
5668037b3c56369666e6037a1cb9c55b824930cb openssh-7.0p1-11.31.sd.bz (64bit)

 

Mirror sites:

http://ftp.nluug.nl/os/HPUX/itrc/ (high bandwidth)
http://mirrors.develooper.com/hpux/ (high bandwidth)
http://tux.nl/itrc/web/
http://www.cmve.net/~merijn/ (low bandwidth)
http://itrc@www.hpux.ws/merijn/ (which looks outdated)

Installation instructions:
su# cd /tmp
su# bzip2 -d openssh-1.0-11.31.sd.bz
su# swinstall -s /tmp/openssh-6.9p1-11.31.sd \*

Will install in /usr/local

Enjoy, Have FUN! H.Merijn
11 REPLIES 11
Patrick Wallek
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

Hi Merijn,

 

A quick question on your OpenSSH compiles -- Did you compile all versions on the same server?  The reason I ask is that Bill Hassell and I have been working with OpenSSH on a bunch of our test systems and have been having issues with the ZLIB library that is used.

 

For HP-UX 11.23 both Itanium and PA-RISC I had to copy the libz.sl library from the HP-UX 11.11 server in order to get SSH to work.  Is that expected behavior?

 

Thanks!

H.Merijn Brand (procura
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

All builds were done on the target-architecture (6 different machines).

 

zlib (libz) has also been compiled by myself (on the target architecture). zlib-1.2.8 is also available on my site.

If you miss anything, just poke me.

Enjoy, Have FUN! H.Merijn
Patrick Wallek
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

If all builds were done on the target architecture, why would the libz.sl from HP-UX 11.11 be the one needed for them to work on HP-UX 11.23?

 

Here is what we were getting on an 11.23 Itanium server:

 

# /usr/local/sbin/sshd

/usr/lib/pa20_64/dld.sl: '/usr/lib/pa20_64/libz.sl' is not a valid load module: Bad machine type

 

 

# ll /usr/lib/pa20_64/libz.sl
lrwxr-xr-x 1 root sys 28 Aug 16 20:06 /usr/lib/pa20_64/libz.sl -> /usr/local/lib/libz-1.2.8.so

 

# file /usr/local/lib/libz-1.2.8.so
/usr/local/lib/libz-1.2.8.so: ELF-64 shared object file - IA64

 

# cd /usr/lib/pa20_64
# ll libz*
lrwxr-xr-x 1 root sys 27 Aug 16 20:07 libz.a -> /usr/local/lib/libz-1.2.8.a
lrwxr-xr-x 1 root sys 28 Aug 16 20:06 libz.sl -> /usr/local/lib/libz-1.2.8.so

 

# mv libz.sl libz.sl.orig
# rcp atl7v2:/usr/local/lib/libz.sl .
# ll libz*
lrwxr-xr-x 1 root sys 27 Aug 16 20:07 libz.a -> /usr/local/lib/libz-1.2.8.a
-rwxr-xr-x 1 root sys 160904 Aug 17 09:36 libz.sl
lrwxr-xr-x 1 root sys 28 Aug 16 20:06 libz.sl.orig -> /usr/local/lib/libz-1.2.8.so

 

# file libz.sl
libz.sl: ELF-64 shared object file - PA-RISC 2.0 (LP64)

 

# /usr/local/sbin/sshd
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Could not load host key: /usr/local/etc/ssh_host_ecdsa_key
Could not load host key: /usr/local/etc/ssh_host_ed25519_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

 

# model
ia64 hp server rx1620
# uname -a
HP-UX atl8v2 B.11.23 U ia64 2724015363 unlimited-user license

H.Merijn Brand (procura
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

Are those *my* sshd's?

 

I expect you to install your own shared libz in the search path of the binaries.

$LD_LIBRARY_PATH and $SHLIB_PATH are both supported

forgive me the bad indents in the paste below. I still hate how this forum works (or doesn't work)

 

11.31:

# model
ia64 hp server rx2660

# chatr /usr/local/sbin/sshd
/usr/local/sbin/sshd:
64-bit ELF executable
shared library dynamic path search:
LD_LIBRARY_PATH enabled first
SHLIB_PATH enabled second
embedded path enabled third .:openbsd-compat/:/usr/local/ssl/lib:/pro/local/lib:/usr/lib/hpux64:/opt/langtools/lib/hpux64
shared library list:
libcrypto.so
libz.so
libnsl.so.1
libxnet.so.1
libsec.so.1
libc.so.1
shared library binding:
deferred
global hash table disabled
global hash table size 1103
shared library mapped private disabled
runtime checks disabled
shared library segment merging disabled
shared vtable support disabled
explicit unloading disabled
linkage table protection disabled
segments:
index type address flags size
8 text 4000000000000000 z---c- D (default)
9 data 6000000000000000 ---m-- D (default)
executable from stack: D (default)
kernel assisted branch prediction enabled
lazy swap allocation for dynamic segments disabled
nulptr dereferences trap disabled
address space model: default
caliper dynamic instrumentation disabled

# llldd /usr/local/sbin/sshd
ldd[01] on /usr/local/sbin/sshd <=
ldd[02] on /usr/local/ssl/lib/libcrypto.so <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /pro/local/lib/libz.so <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libnsl.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libc.so.1 <= /usr/lib/hpux64/libnsl.so.1
ldd[04] on /usr/lib/hpux64/libdl.so.1 <= /usr/lib/hpux64/libc.so.1
ldd[03] on /usr/lib/hpux64/libxti.so.1 <= /usr/lib/hpux64/libnsl.so.1
ldd[03] on /usr/lib/hpux64/libdl.so.1 <= /usr/lib/hpux64/libnsl.so.1
ldd[02] on /usr/lib/hpux64/libxnet.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libxti.so.1 <= /usr/lib/hpux64/libxnet.so.1
ldd[02] on /usr/lib/hpux64/libsec.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libm.so.1 <= /usr/lib/hpux64/libsec.so.1
ldd[02] on /usr/lib/hpux64/libc.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libxti.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libxti.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libm.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libdl.so.1 <= /usr/local/sbin/sshd-7.0p1
Lib Real path Size Date Refs
------------------------------------ ------------------------------------ --------- ------------------- ----
/usr/local/sbin/sshd /usr/local/sbin/sshd-7.0p1 2427232 2015-08-12 11:53:13 10
/usr/local/ssl/lib/libcrypto.so /usr/local/ssl/lib/libcrypto-1.0.1p. 6545272 2015-07-09 17:49:25 0
/pro/local/lib/libz.so /pro/local/lib/libz-1.2.8.so 344976 2013-08-07 21:23:04 0
/usr/lib/hpux64/libnsl.so.1 /usr/lib/hpux64/libnsl.so.1 1511400 2010-07-30 16:06:08 3
/usr/lib/hpux64/libc.so.1 /usr/lib/hpux64/libc.so.1 4900360 2012-08-27 09:33:45 1
/usr/lib/hpux64/libdl.so.1 /usr/lib/hpux64/libdl.so.1 78704 2012-07-20 08:34:04 0
/usr/lib/hpux64/libxti.so.1 /usr/lib/hpux64/libxti.so.1 298552 2011-02-22 16:00:36 0
/usr/lib/hpux64/libxnet.so.1 /usr/lib/hpux64/libxnet.so.1 96464 2007-02-15 22:32:55 1
/usr/lib/hpux64/libsec.so.1 /usr/lib/hpux64/libsec.so.1 586016 2011-02-08 15:56:30 1
/usr/lib/hpux64/libm.so.1 /usr/lib/hpux64/libm.so.1 6481912 2011-05-18 22:53:12 0

# ll /pro/local/lib/libz*.so
54713 lrwxrwxrwx 1 merijn softwr 13 Sep 8 2011 /pro/local/lib/libz-1.2.5.so -> libz-1.2.5.sl
259788 lrwxrwxrwx 1 merijn softwr 13 Aug 7 2013 /pro/local/lib/libz-1.2.7.so -> libz-1.2.7.sl
261002 -rwxr-xr-x 1 merijn softwr 344976 Aug 7 2013 /pro/local/lib/libz-1.2.8.so
674 lrwxrwxrwx 1 merijn softwr 13 Aug 7 2013 /pro/local/lib/libz.so -> libz-1.2.8.so

# ll /usr/local/lib/libz*.so
20374 lrwxrwxrwx 1 merijn softwr 28 Aug 7 2013 /usr/local/lib/libz-1.2.7.so -> /pro/local/lib/libz-1.2.7.so
18367 lrwxrwxrwx 1 merijn softwr 28 Aug 17 18:00 /usr/local/lib/libz-1.2.8.so -> /pro/local/lib/libz-1.2.8.so
18366 lrwxrwxrwx 1 merijn softwr 13 Aug 17 18:00 /usr/local/lib/libz.so -> libz-1.2.8.so

Enjoy, Have FUN! H.Merijn
H.Merijn Brand (procura
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

On 11.31/IPf/64 I did not depend on libz.so. I linked to libz.a (which has +Z objects)

 

# llldd /usr/local/sbin/sshd
ldd[01] on /usr/local/sbin/sshd <=
ldd[02] on /usr/local/ssl/lib/libcrypto.so <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/local/ssl/lib/libz.so <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libnsl.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libxti.so.1 <= /usr/lib/hpux64/libnsl.so.1
ldd[02] on /usr/lib/hpux64/libxnet.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libxti.so.1 <= /usr/lib/hpux64/libxnet.so.1
ldd[02] on /usr/lib/hpux64/libsec.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libm.so.1 <= /usr/lib/hpux64/libsec.so.1
ldd[02] on /usr/lib/hpux64/libc.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[03] on /usr/lib/hpux64/libdl.so.1 <= /usr/lib/hpux64/libc.so.1
ldd[02] on /usr/lib/hpux64/libxti.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libxti.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libm.so.1 <= /usr/local/sbin/sshd-7.0p1
ldd[02] on /usr/lib/hpux64/libdl.so.1 <= /usr/local/sbin/sshd-7.0p1
Lib Real path Size Date Refs
------------------------------- ------------------------------------------------------ --------- ------------------- ----
/usr/local/sbin/sshd /usr/local/sbin/sshd-7.0p1 2493520 2015-08-12 12:28:50 10
/usr/local/ssl/lib/libcrypto.so /usr/local/ssl/lib/libcrypto-1.0.1p.so 6545136 2015-07-09 17:58:03 0
/usr/local/ssl/lib/libz.so /usr/local/ssl/lib/libz-1.2.8.so 338712 2014-02-24 16:23:16 0
/usr/lib/hpux64/libnsl.so.1 /usr/lib/hpux64/libnsl.so.1 1649152 2008-12-19 05:03:57 1
/usr/lib/hpux64/libxti.so.1 /opt/star-ncf-prod/ep_patch/usr/lib/hpux64/libxti.so.1 312440 2008-01-04 21:20:43 0
/usr/lib/hpux64/libxnet.so.1 /usr/lib/hpux64/libxnet.so.1 37936 2004-08-27 03:41:55 1
/usr/lib/hpux64/libsec.so.1 /usr/lib/hpux64/libsec.so.1 503008 2007-10-26 10:39:19 1
/usr/lib/hpux64/libm.so.1 /usr/lib/hpux64/libm.so.1 6444800 2009-12-16 03:50:21 0
/usr/lib/hpux64/libc.so.1 /usr/lib/hpux64/libc.so.1 4371904 2011-03-15 16:49:52 1
/usr/lib/hpux64/libdl.so.1 /usr/lib/hpux64/libdl.so.1 78704 2011-06-08 12:56:18 0

Enjoy, Have FUN! H.Merijn
Dennis Handly
Acclaimed Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

>/usr/lib/pa20_64/libz.sl is not a valid load module: Bad machine type

>/usr/local/lib/libz-1.2.8.so: ELF-64 shared object file - IA64

 

This should be a PA-RISC version.  Which you later fixed.

 

Your problem is that you don't have consistent 4 directories for libs in /usr/lib/.

You need PA vs IPF and 32/64.

Patrick Wallek
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

I think we may have figured out part of our problem with the 11.23 Itanium server.  Apparently the PA-RISC version of SSH was accidentally loaded on Itanium and swinstall did not check the architecture and let the load proceed.

 

We're going to remove the PA-RISC version of SSH and load the Itanium version.  That should help immensely.

 

 

Dennis Handly
Acclaimed Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

>swinstall did not check the architecture

 

You need to add explicit checks so that swinstall will check.

H.Merijn Brand (procura
Honored Contributor

Re: OpenSSH-7.0p1depots for OpenSSL-1.0.1 available for all HP-UX flavors

My template and how it expands for OpenSSH-7.0p1:

 

https://gist.github.com/Tux/dd607326bc17e57f75bf

 

Something I am missing?

Enjoy, Have FUN! H.Merijn