Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenSSH package not being updated

Discussion in 'General Discussion' started by webworker, Jun 26, 2017.

  1. webworker

    webworker Registered

    Joined:
    Feb 8, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm currently managing a server that's running WHM 64.0 build 24 on CentOS 6.8. The system's OpenSSH is stuck on openssh-5.3p1-118.1.el6_8.x86_64 while openssh-5.3p1-122.el6.x86_64 is available on the CentOS system-continuous-release repo.

    Our server management company's support team tells us it's being held back by the cPanel CentOS repo to prevent the server breaking so I've left it as is for the moment.

    It does give the following warning "4 packages excluded due to repository priority protections" when poking around at what updates are available and I was wondering if there's something that should be modified that would allow cPanel to update system packages like OpenSSH. WHM Server Configuration -> Update Preferences is currently set up to automatically update operating system packages.

    Thanks for any insight!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The "openssh" RPM is handled by your Operating System as opposed to cPanel. Could you let us know the contents of the "exclude=" line in your /etc/yum.conf file? Also, could you provide more information about the YUM repo files you are using in the /etc/yum.repos.d directory?

    Thank you.
     
  3. webworker

    webworker Registered

    Joined:
    Feb 8, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Hi,

    I figured as much, it's why this is a little strange.

    The exclude line is as follows:

    Code:
    exclude=bind-chroot centos-yumconf courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* p0f perl* php* proftpd* pure-ftpd* spamassassin* squirrelmail*
    There are 8 repo files most of which appear to be cPanel related:

    EA4.repo, kernelcare.repo, kernelcare.repo.rpmnew, cpanel-plugins.repo, cPaddons.repo, MariaDB100.repo

    two of the files are host specific:

    Code:
    [stable-generic]
    name= Stable Generic Packages
    baseurl=http://syspackages.sourcedns.com/packages/stable/generic/noarch/
    gpgcheck=1
    priority=2
    
    [stable-arch]
    name= Stable Arch Specific Packages
    baseurl=http://syspackages.sourcedns.com/packages/stable/centos/6/$basearch/
    gpgcheck=1
    priority=2
    
    [stable-noarch]
    name= Stable Distro Specific Non-Architecture Specific Packages
    baseurl=http://syspackages.sourcedns.com/packages/stable/centos/6/noarch/
    gpgcheck=1
    priority=2
    
    Code:
    [system-base]
    name=CentOS-$releasever - $basearch - Base
    baseurl=http://syspackages.sourcedns.com/packages/mirrors/centos/6/os/$basearch/
    gpgcheck=1
    priority=3
    
    [system-updates]
    name=CentOS-$releasever - $basearch - Released Updates
    baseurl=http://syspackages.sourcedns.com/packages/mirrors/centos/6/updates/$basearch/
    gpgcheck=1
    priority=3
    
    [system-continuous-release]
    name=CentOS-$releasever - $basearch - Continuously Released Updates
    baseurl=http://syspackages.sourcedns.com/packages/mirrors/centos/6/cr/$basearch/
    gpgcheck=1
    priority=3
    
    [system-extras]
    name=CentOS-$releasever - $basearch - Extras
    baseurl=http://syspackages.sourcedns.com/packages/mirrors/centos/6/extras/$basearch/
    gpgcheck=1
    priority=3
    
    repoquery -i openssh lists openssh-5.3p1-122.el6.x86_64 as available on system-continuous-release but refreshing my understanding of the yum priority listings it's probably being held back by a repo with priority 2 so it probably doesn't have anything to do with cPanel :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's generally a good idea to use the base YUM repos for CentOS on production systems with cPanel. The continuous-release REPO can lead to these types of issues.

    Thank you.
     
Loading...

Share This Page