On Sun, Nov 16, 2014 at 10:47 AM, Chandra Kumara <chandra.kumara@xxxxxxxxxxxxxx> wrote: > Hi Nico, > > I couldn't connect to the server remotely not only to root but also any secondary user. > > My issue was with "openssh-debuginfo" rpm. I used "yum remove openssh" and reinstall rpm build 6.2p2 version again (openssh, openssh-clients and openssh-server) except "openssh-debuginfo" You mean that installing openssh-debuginfo broke it? And uninstalling openssh-debuginfo fixed it? > Then upgraded to 6.6p1 also and working fine. Why are you continuing to use out of date releases? 6.7p1 is out and in production use. > This time i didn't use http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz to do rpm build, instead used, > > sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" openssh.spec > sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" openssh.spec > sed -i -e "s/BuildPreReq/BuildRequires/g" openssh.spec You could have just reset the 'define' statements to have value '1' %define no_gnome_askpass 1 %define no_x11_askpass 1 That way, your SRPM would still have the relevant tarball if you want it. Becasue, you see, that 'BuildPreReq' also cleared outer prereqs.such as 'glibc-devel' and 'pam'. So you actually wound up changing several things more than you needed. And in fact, there is a 'build6x' option you may want to set for your operating system. > > Regards, > Chandra Kumara, SSA > ShipXpress. > 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250 > phone: +94 11 2826814/15 || website: http://www.shipxpress.com > > -----Original Message----- > From: Nico Kadel-Garcia [mailto:nkadel@xxxxxxxxx] > Sent: Saturday, November 15, 2014 6:45 AM > To: Chandra Kumara > Cc: openssh@xxxxxxxxxxx; openssh-unix-announce@xxxxxxxxxxx; openssh-unix-dev@xxxxxxxxxxx > Subject: Re: openssh upgrading. > > On Fri, Nov 14, 2014 at 1:32 PM, Chandra Kumara <chandra.kumara@xxxxxxxxxxxxxx> wrote: >> Hi Openssh support, >> >> >> >> I have upgraded openssh from 5.3p1 to 6.2p2 in a RHEL 6.6 - 64 bit >> server and now i can't login to server remotely using same root >> password. It always prompting the password saying "Permission denied, please try again." > > I just tried the 6.7p1 tarball with this procedure. Seems to work fine. The .spec file is missing the BuildRequires dependency of "/usr/bin/xmkmf" in the dependencies for the openssh-x11-aspass module, but othewise seems to work fine. > > >> Please help me to resolve the issue. >> >> >> >> Following are the steps i have followd. >> >> >> >> ---------------------------------------------------------------- >> >> [root@test ~]# ssh -V >> >> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 >> >> >> >> [root@test ~]# cat /etc/redhat-release >> >> Red Hat Enterprise Linux Server release 6.6 (Santiago) >> >> >> >> [root@test ~]# rpm -qa |grep openssh >> >> openssh-server-5.3p1-104.el6.x86_64 >> >> openssh-clients-5.3p1-104.el6.x86_64 >> >> openssh-5.3p1-104.el6.x86_64 >> >> >> >> yum install rpm-build >> >> yum install gcc glibc-devel pam-devel libX11-devel krb5-devel >> zlib-devel >> >> yum install openssh-devel openssl-devel tcp_wrappers-devel libXt-devel >> imake gtk2-devel >> >> >> >> wget >> http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz >> >> wget >> http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar. >> gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz >> >> >> >> tar zxvf openssh-6.2p2.tar.gz >> >> cp openssh-6.2p2/contrib/redhat/openssh.spec . >> >> rpmbuild -bb openssh.spec >> >> >> >> cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/ >> >> cp openssh-6.2p2.tar.gz /root/rpmbuild/SOURCES/ >> >> cp openssh.spec /root/rpmbuild/SOURCES/ >> >> >> >> rpmbuild -bb openssh.spec >> >> >> >> cd /root/rpmbuild/RPMS/x86_64/ >> >> rpm -Uvh * >> >> /etc/init.d/sshd restart >> >> >> >> [root@test ~]# rpm -qa |grep openss >> >> openssl-devel-1.0.1e-30.el6_6.4.x86_64 >> >> openssh-server-6.2p2-1.x86_64 >> >> openssl-1.0.1e-30.el6_6.4.x86_64 >> >> openssh-askpass-gnome-6.2p2-1.x86_64 >> >> openssh-debuginfo-6.2p2-1.x86_64 >> >> openssh-6.2p2-1.x86_64 >> >> openssh-clients-6.2p2-1.x86_64 >> >> >> >> >> >> [root@plutotest .ssh]# ssh -v root@192.168.0.38 >> >> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 >> >> debug1: Reading configuration data /etc/ssh/ssh_config >> >> debug1: Applying options for * >> >> debug1: Connecting to 192.168.0.38 [192.168.0.38] port 22. >> >> debug1: Connection established. >> >> debug1: permanently_set_uid: 0/0 >> >> debug1: identity file /root/.ssh/identity type -1 >> >> debug1: identity file /root/.ssh/identity-cert type -1 >> >> debug1: identity file /root/.ssh/id_rsa type -1 >> >> debug1: identity file /root/.ssh/id_rsa-cert type -1 >> >> debug1: identity file /root/.ssh/id_dsa type -1 >> >> debug1: identity file /root/.ssh/id_dsa-cert type -1 >> >> debug1: Remote protocol version 2.0, remote software version >> OpenSSH_6.2 >> >> debug1: match: OpenSSH_6.2 pat OpenSSH* >> >> debug1: Enabling compatibility mode for protocol 2.0 >> >> debug1: Local version string SSH-2.0-OpenSSH_5.3 >> >> debug1: SSH2_MSG_KEXINIT sent >> >> debug1: SSH2_MSG_KEXINIT received >> >> debug1: kex: server->client aes128-ctr hmac-md5 none >> >> debug1: kex: client->server aes128-ctr hmac-md5 none >> >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >> >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >> >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >> >> debug1: Host '192.168.0.38' is known and matches the RSA host key. >> >> debug1: Found key in /root/.ssh/known_hosts:9 >> >> debug1: ssh_rsa_verify: signature correct >> >> debug1: SSH2_MSG_NEWKEYS sent >> >> debug1: expecting SSH2_MSG_NEWKEYS >> >> debug1: SSH2_MSG_NEWKEYS received >> >> debug1: SSH2_MSG_SERVICE_REQUEST sent >> >> debug1: SSH2_MSG_SERVICE_ACCEPT received >> >> debug1: Authentications that can continue: >> publickey,gssapi-with-mic,password >> >> debug1: Next authentication method: gssapi-with-mic >> >> debug1: Unspecified GSS failure. Minor code may provide more >> information >> >> Cannot determine realm for numeric host address >> >> >> >> debug1: Unspecified GSS failure. Minor code may provide more >> information >> >> Cannot determine realm for numeric host address >> >> >> >> debug1: Unspecified GSS failure. Minor code may provide more >> information >> >> >> >> >> >> debug1: Unspecified GSS failure. Minor code may provide more >> information >> >> Cannot determine realm for numeric host address >> >> >> >> debug1: Next authentication method: publickey >> >> debug1: Trying private key: /root/.ssh/identity >> >> debug1: Trying private key: /root/.ssh/id_rsa >> >> debug1: Trying private key: /root/.ssh/id_dsa >> >> debug1: Next authentication method: password >> >> root@192.168.0.38's password: >> >> debug1: Authentications that can continue: >> publickey,gssapi-with-mic,password >> >> Permission denied, please try again. >> >> root@192.168.0.38's password: >> >> ---------------------------------------------------------------- >> >> Regards, >> >> Chandra Kumara, SSA >> >> ShipXpress. >> >> 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250 >> >> phone: +94 11 2826814/15 || website: <http://www.shipxpress.com/> >> http://www.shipxpress.com >> >> >> >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev@xxxxxxxxxxx >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev