After switching back to stock openssl, I was able to connect.
# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']
This may be normal depending on the package. Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-2.ius.centos6 @ius 1.5 M
openssl10-libs x86_64 1.0.1e-2.ius.centos6 @ius 2.2 M
Complete!
# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is a7:f1:24:99:dd:e1:25:32:34:f7:ef:aa:19:71:9d:4d.
Are you sure you want to continue connecting (yes/no)?no
# rpm -qa |grep openssl
openssl-1.0.1e-15.el6.x86_64
I spun up another test server, switched to openssl10, updated to 6.5 and got the follow when I attempted to restart sshd:
# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: /usr/sbin/sshd: relocation error: /usr/sbin/sshd: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference [FAILED]
My connection did not drop even though sshd was not running. Switching back to stock openssl, I was able to start sshd:
# yum replace openssl10 --replace-with openssl
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.steadfast.net
* ius: ord.mirror.rackspace.com
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config(openssl10-libs)', 'openssl-libs', 'openssl-libs(x86-64)', 'openssl10-libs', 'openssl10-libs(x86-64)', 'openssl10', 'openssl10(x86-64)']
This may be normal depending on the package. Continue? [y/N] y
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-2.ius.centos6 will be erased
---> Package openssl10-libs.x86_64 0:1.0.1e-2.ius.centos6 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-2.ius.centos6 @ius 1.5 M
openssl10-libs x86_64 1.0.1e-2.ius.centos6 @ius 2.2 M
Seeing that Red Hat and CentOS now provides a current version of openssl, and IUS's openssl10 is causing breakage. We are going to go ahead and EOL openssl10. All openssl10 packages will still be available in the archive repos for the time being. An official announcement will be coming soon.
Hello Michael,
I was able to recreate the behavior you reported. I spun up a CentOS 6.4 server and switched it to use IUS's openssl10. Then I upgraded to 6.5:
# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
# rpm -qa |grep openssl libs-1. 0.1e-2. ius.centos6. x86_64 1.0.1e- 2.ius.centos6. x86_64
openssl10-
openssl10-
# yum upgrade
...
# ssh localhost
ssh: relocation error: ssh: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
and from a remote machine:
$ ssh <email address hidden> identification: read: Connection reset by peer
ssh_exchange_
After switching back to stock openssl, I was able to connect.
# yum replace openssl10 --replace-with openssl steadfast. net
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.
* ius: mirror.rackspace.hk
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config( openssl10- libs)', 'openssl-libs', 'openssl- libs(x86- 64)', 'openssl10-libs', 'openssl10- libs(x86- 64)', 'openssl10', 'openssl10( x86-64) ']
This may be normal depending on the package. Continue? [y/N] y 2.ius.centos6 will be erased libs.x86_ 64 0:1.0.1e- 2.ius.centos6 will be erased
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-
---> Package openssl10-
--> Finished Dependency Resolution
Dependencies Resolved
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= 2.ius.centos6 @ius 1.5 M 2.ius.centos6 @ius 2.2 M
Package Arch Version Repository Size
=======
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-
openssl10-libs x86_64 1.0.1e-
Transaction Summary ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= =======
=======
Install 1 Package(s)
Remove 2 Package(s)
Total download size: 1.5 M 1.0.1e- 15.el6. x86_64. rpm | 1.5 MB 00:00 1.0.1e- 15.el6. x86_64 1/3 1.0.1e- 2.ius.centos6. x86_64 2/3 libs-1. 0.1e-2. ius.centos6. x86_64 3/3 1.0.1e- 15.el6. x86_64 1/3 1.0.1e- 2.ius.centos6. x86_64 2/3 libs-1. 0.1e-2. ius.centos6. x86_64 3/3
Is this ok [y/N]: y
Downloading Packages:
openssl-
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : openssl-
Erasing : openssl10-
Erasing : openssl10-
Verifying : openssl-
Verifying : openssl10-
Verifying : openssl10-
Removed: 2.ius.centos6 openssl10- libs.x86_ 64 0:1.0.1e- 2.ius.centos6
openssl10.x86_64 0:1.0.1e-
Installed:
openssl.x86_64 0:1.0.1e-15.el6
Complete! 99:dd:e1: 25:32:34: f7:ef:aa: 19:71:9d: 4d. 1.0.1e- 15.el6. x86_64
# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is a7:f1:24:
Are you sure you want to continue connecting (yes/no)?no
# rpm -qa |grep openssl
openssl-
I spun up another test server, switched to openssl10, updated to 6.5 and got the follow when I attempted to restart sshd:
# /etc/init.d/sshd restart
[FAILED]
Stopping sshd: [ OK ]
Starting sshd: /usr/sbin/sshd: relocation error: /usr/sbin/sshd: symbol SSLeay_version, version OPENSSL_1.0.1 not defined in file libcrypto.so.10 with link time reference
My connection did not drop even though sshd was not running. Switching back to stock openssl, I was able to start sshd:
# yum replace openssl10 --replace-with openssl steadfast. net rackspace. com
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
* epel: mirror.
* ius: ord.mirror.
Replacing packages takes time, please be patient...
WARNING: Unable to resolve all providers: ['config( openssl10- libs)', 'openssl-libs', 'openssl- libs(x86- 64)', 'openssl10-libs', 'openssl10- libs(x86- 64)', 'openssl10', 'openssl10( x86-64) ']
This may be normal depending on the package. Continue? [y/N] y 2.ius.centos6 will be erased libs.x86_ 64 0:1.0.1e- 2.ius.centos6 will be erased
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be installed
---> Package openssl10.x86_64 0:1.0.1e-
---> Package openssl10-
--> Finished Dependency Resolution
Dependencies Resolved
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= 2.ius.centos6 @ius 1.5 M 2.ius.centos6 @ius 2.2 M
Package Arch Version Repository Size
=======
Installing:
openssl x86_64 1.0.1e-15.el6 base 1.5 M
Removing:
openssl10 x86_64 1.0.1e-
openssl10-libs x86_64 1.0.1e-
Transaction Summary ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ======= =======
=======
Install 1 Package(s)
Remove 2 Package(s)
Total download size: 1.5 M 1.0.1e- 15.el6. x86_64. rpm | 1.5 MB 00:00 1.0.1e- 15.el6. x86_64 1/3 1.0.1e- 2.ius.centos6. x86_64 2/3 libs-1. 0.1e-2. ius.centos6. x86_64 3/3 1.0.1e- 15.el6. x86_64 1/3 1.0.1e- 2.ius.centos6. x86_64 2/3 libs-1. 0.1e-2. ius.centos6. x86_64 3/3
Is this ok [y/N]: y
Downloading Packages:
openssl-
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : openssl-
Erasing : openssl10-
Erasing : openssl10-
Verifying : openssl-
Verifying : openssl10-
Verifying : openssl10-
Removed: 2.ius.centos6 openssl10- libs.x86_ 64 0:1.0.1e- 2.ius.centos6
openssl10.x86_64 0:1.0.1e-
Installed:
openssl.x86_64 0:1.0.1e-15.el6
Complete!
# /etc/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd: [ OK ]
Seeing that Red Hat and CentOS now provides a current version of openssl, and IUS's openssl10 is causing breakage. We are going to go ahead and EOL openssl10. All openssl10 packages will still be available in the archive repos for the time being. An official announcement will be coming soon.
-Ben