To have my server certified PCI I update the openssh version from 7.6 which should be the default one on aws ec2 to 8.1 running the following commands
sudo apt-get update
sudo apt install -y build-essential libssl-dev zlib1g-dev libpam0g-dev
wget https://launchpad.net/ubuntu/+archive/primary/+files/openssh_8.1p1.orig.tar.gz
tar -xvf openssh_8.1p1.orig.tar.gz
cd openssh_8.1p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd --with-pam
sudo make install
Working great, running ssh -V I have
OpenSSH_8.1p1, OpenSSL 1.1.1 11 Sep 2018
But I do not really have the exact delay, a few days later the openssh version goes back to 7.6
OpenSSH_7.6p1 Ubuntu-4ubuntu0.5, OpenSSL 1.0.2n 7 Dec 2017
I suspect the OS (Ubuntu) has updated its SSH package overwriting your changes. The first thing to work out if you actually need the updated SSH or if you can use the operating systems version. If you really need the upgrade then work out how to prevent the os from replacing it.
Related
My Ubuntu machine is running with OpenSSL 1.1.1f 31 Mar 2020 and i would like to update to OpenSSL 1.1.1f-1ubuntu2.1, the apt upgrade does not do this so i have to manually download the package and do the make install, so after did the installation i am not able to SSH into my Ubuntu machine but the Serial console is working
i am trying to recover my SSH connection so i have uninstalled all the OpenSSL including the dependencies and removed the folders it shows on whereis openssl.
Below are the steps which is did,
1) openssl version
2) sudo apt-get update
3) sudo apt-get upgrade
4) sudo apt-get update && sudo apt-get install --only-upgrade libssl-dev, and got the message libssl-dev is already the newest version
5) sudo apt-get update && sudo apt-get install --only-upgrade openssl and got the message openssl is already the newest version
6) wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openssl/1.1.1f-1ubuntu2.1/openssl_1.1.1f.orig.tar.gz
7) tar -xzf openssl_1.1.1f.orig.tar.gz
8) cd openssl-1.1.1f/
9) sudo ./config
10) Sudo make
11) Sudo make test
12) Sudo make install
13) openssl version, Gives the below error so I did sudo ldconfig
openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0
14) sudo ldconfig
15) Then I cannot login using SSH.
Then i had Removed the OpenSSL completely from the machine and rebooted from the Serial Console, but still the SSH is not working
I'm using Amazon Corretto 8u262 version in linux 64 bit. The team is releasing new build frequently with bug fixes and additional new features. Whenever new update released, manually downloaded new build and then uninstall the old JDK and install the new downloaded version. Whether there is any way or command in linux to update Corretto 8 to latest version without downloading manually.
If you use a software package manager (yum, zypper, apk, etc) you can setup Corretto to auto-update when your package manager updates software. Instructions on how to set this up are available here: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/generic-linux-install.html
Yes there is. Depending on what Linux you are using, you may use apt or yum to install new versions.
The instructions for 8 are here: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/generic-linux-install.html
The instructions for 11 are here: https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/generic-linux-install.html
In detail
Deb based (e.g. Ubuntu)
To use the Corretto Apt repositories on Debian-based systems, such as Ubuntu, import the Corretto public key and then add the repository to the system list by using the following commands:
wget -O- https://apt.corretto.aws/corretto.key | sudo apt-key add -
sudo add-apt-repository 'deb https://apt.corretto.aws stable main'
After the repository is added, you can install Corretto 8 by running this command:
sudo apt-get update; sudo apt-get install -y java-1.8.0-amazon-corretto-jdk
CentOs, RedHat, Amazon Linux, etc
To use Corretto RPM repositories with the yum package manager (such as Amazon Linux AMI), import the Corretto public key and then add the repository to the system list. For most systems, you must run the following commands:
sudo rpm --import https://yum.corretto.aws/corretto.key
sudo curl -L -o /etc/yum.repos.d/corretto.repo
https://yum.corretto.aws/corretto.repo
After the repository is added, you can install Corretto 8 by running this command:
sudo yum install -y java-1.8.0-amazon-corretto-devel
On an Amazon Linux 2 Docker image, "yum install gcc" installs gcc 7.3.1.
I want to install gcc 8. It seems it normally can be installed as part of "devtoolset-8" (https://www.softwarecollections.org/en/scls/rhscl/devtoolset-8/), but the instructions for either CentOS or RHEL seems not working on Amazon Linux.
So the only way to install gcc 8 on Amazon Linux is to install from source?
I also need the devtoolset-8-toolchain, how can that be installed?
Add the scl repo for centos:
sudo yum-config-manager --add-repo http://mirror.centos.org/centos/7/sclo/x86_64/rh/
Install this libgfortran dependency required for devtoolset-8:(source)
sudo yum install -y wget
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/libgfortran5-8.3.1-2.1.1.el7.x86_64.rpm
sudo yum install libgfortran5-8.3.1-2.1.1.el7.x86_64.rpm -y
Install devtoolset-8 with nogpgcheck:(it would be much better to install the key for the repo)
sudo yum install -y devtoolset-8 --nogpgcheck
Finally enable the scl for devtoolset-8:
scl enable devtoolset-8 bash
Running this command shows both the gcc 7 and gcc 8 in the path:
which -a gcc
Output from which -a gcc
/opt/rh/devtoolset-8/root/usr/bin/gcc
/usr/bin/gcc
Can someone tell me how to upgrade HAProxy from 1.5.4 version to the latest version?
I'm using a virtual machine CentOS 6.5.
Thanks a lot ;)
HAProxy up to 1.5.4 is available for Centos via the package repository, so to get a newer version you will have to compile from source.
To upgrade to the latest version, you could follow these instructions to make your own installable package.
In summary:
sudo yum install rpmdevtools pcre-devel
rpmdev-setuptree
sudo yum groupinstall 'Development Tools'
sudo yum install openssl-devel
wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.9.tar.gz
mv haproxy-1.6.9.tar.gz ~/rpmbuild/SOURCES/
git clone git://github.com/bluerail/haproxy-centos.git
cp haproxy-centos/conf/* ~/rpmbuild/SOURCES/
cp haproxy-centos/spec/* ~/rpmbuild/SPECS/
cd ~/rpmbuild/
rpmbuild -ba SPECS/haproxy.spec
The RPM should be available in ~/rpmbuild/RPMS/x86_64. You can install it like:
sudo rpm -Uvh RPMS/x86_64/haproxy-1.6-9.x86_64.rpm
Try the following yum command:
yum update haproxy
According to a quick repo search, this should update to HAProxy 1.5.4. Prove the version change with:
haproxy -v
After launching Ubuntu Server 14.04 LTS (HVM), I tried to install CUDA as following
wget http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1404/x86_64/cuda-repo-ubuntu1404_7.5-18_amd64.deb
sudo dpkg -i cuda-repo-ubuntu1404_7.5-18_amd64.deb
sudo apt-get update
sudo apt-get install -y cuda
export PATH=/usr/local/cuda-7.5/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/cuda-7.5/lib64:$LD_LIBRARY_PATH
sudo reboot
Then I run a test
cuda-install-samples-7.5.sh .
cd ~/NVIDIA_CUDA-7.5_Samples/1_Utilities/deviceQuery
make
./deviceQuery
got the error:
modprobe: ERROR: could not insert 'nvidia_352': Unknown symbol in
module, or unknown parameter (see dmesg) cudaGetDeviceCount returned
38
-> no CUDA-capable device is detected
What could be wrong here?
Upgrade Ubuntu and install linux-image-extra before install nvidia-driver
sudo apt-get update && sudo apt-get -y upgrade
sudo apt-get install -y linux-image-extra-`uname -r`
It would appear that this is a known issue within CUDA 7.5 on AWS gpu instances. The short term work around seems to be to downgrade to CUDA 7 for the moment.
Edited in December 2015 to add that Robert Crovella from NVIDIA advises that CUDA 7.5 on EC2 g2.2xlarge should now be usable with a 352.63 or later driver. So a driver update should resolve the issue.
[This answer was assembled from comments and added as a community wiki entry to get this question off the unanswered list]