OpenSSH Update Overwritten by CPanel

Discussion in 'General Discussion' started by Elikster, Aug 7, 2003.

  1. Elikster

    Okay.

    I got a major gripe with CPanel and I am considering charging them $75 for every server affected, since I have to pay DedNow to go and fix every god damn server that got OpenSSH downgraded from 3.6p1 and 3.6p2 back down to 3.1p1 during the nightly updates.

    I want them to rip that RPM dependency crap out and put the old one in, since apparently that new update caused more problems than it provided solutions, since it put in a whole bunch of RPMs that have absolutely no place on a Linux server, like LPRng, YP and numerous other items, plus overwriting some updated packages with their old ones.

    So... I hope you are listening to me on this, since you are creating a lot more problems now than there were earlier.

  2. haze

    Did you previously upgrade the openssh yourself? If so, have you also disabled cpanel from updating software for you via the update prefs?

    On my cpanel 7.3 server:
    sshd -V:
    sshd version OpenSSH_3.1p1

    root@chubby [~]# rpm -qa | grep openssh
    openssh-3.1p1-8
    openssh-clients-3.1p1-8
    openssh-server-3.1p1-8

    From RedHat: http://rhn.redhat.com/errata/RHSA-2003-222.html

    3.1p1-8 is the latest patched version released by redhat.. at least for that version of redhat.

    I don't see 3.6p1 or 3.6p2 any where on that page.

    My point is, if you're going to upgrade software on your own manually, then stop whatever automated systems are in place to do this for you. Else, you end up with problems.

  3. mmkassem

    # rpm -qa | grep openssh
    openssh-3.6.1p2-1
    openssh-clients-3.6.1p2-1
    openssh-server-3.6.1p2-1
    # sshd -V
    sshd: option requires an argument -- V
    sshd version OpenSSH_3.6.1p2

  4. Elikster

    I fixed the problem by generating new RPMs with 3.6.1p2 and installing them on all servers to update the RPM database, so it stops overwriting it this time around.

    If anyone wants it for 7.3 or 8.0, let me know and I will put it on the server for download. It is easy to update. The reason I have to upgrade is several security holes in the OpenSSH versions that CPanel has been using, plus I also preferred to use the Privilege Separation feature plus Compression for all servers, which is very useful.

  5. mmkassem

    yeah, please put them.

  6. Juanra

    Please read the link that has been posted before: http://rhn.redhat.com/errata/RHSA-2003-222.html

    I'd assume that these RedHat RPMs that Cpanel uses are compiled by Linux security experts.

  7. haze

    The RPMs that cpanel uses are from RedHat, and though they may not be labeled the latest version, they are normally patched for any exploits that are found. Your beef is not with cpanel, but with redhat. Rather than releasing a newer version, what redhat does (I believe) is patch the current stable version for the OS until they've found the latest stable versions to be stable enough. They do the same with kernels.
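
Added example, not part of the thread or written by any poster: a check that compares what the RPM database records for openssh-server with what the sshd binary reports, which flags a manually upgraded sshd that the nightly update would replace. The function names and sample text are constructed for illustration, and the parser assumes the `rpm -qa` and `sshd -V` output formats quoted in the posts above.

```shell
#!/bin/sh
# Added example. Inputs are the text printed by `rpm -qa | grep openssh`
# and `sshd -V`, in the formats quoted in the thread.

# Version-release the RPM database records for openssh-server, e.g. "3.1p1-8".
# The release suffix ("-8") is where the vendor's backported fixes show up.
rpm_openssh_vr() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*openssh-server-\([^-]*-[^-]*\)$/\1/p' | head -n 1
}

# Upstream version the sshd binary itself reports, e.g. "3.6.1p2".
sshd_binary_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*sshd version OpenSSH_\([^ ,]*\).*$/\1/p' | head -n 1
}

# Prints one word:
#   match     - binary version equals the packaged version
#   drift     - binary differs from the RPM database (installed outside RPM,
#               so an RPM-based updater will put the packaged build back)
#   untracked - no openssh-server package recorded at all
#   unknown   - could not read a version from the sshd output
check_drift() {
    vr=$(rpm_openssh_vr "$1")
    bin=$(sshd_binary_version "$2")
    if [ -z "$bin" ]; then
        echo unknown
    elif [ -z "$vr" ]; then
        echo untracked
    elif [ "${vr%-*}" = "$bin" ]; then
        echo match
    else
        echo drift
    fi
}

# Constructed sample: RPM database still holds the vendor build while a newer
# sshd was installed by hand (the state before the RPMs were rebuilt).
sample_rpm='openssh-3.1p1-8
openssh-clients-3.1p1-8
openssh-server-3.1p1-8'
sample_sshd='sshd: option requires an argument -- V
sshd version OpenSSH_3.6.1p2'

echo "rpm database: $(rpm_openssh_vr "$sample_rpm")"
echo "sshd binary:  $(sshd_binary_version "$sample_sshd")"
echo "status:       $(check_drift "$sample_rpm" "$sample_sshd")"
```

On a live host the same check is `check_drift "$(rpm -qa | grep openssh)" "$(sshd -V 2>&1)"`. A `match` result only means the binary is the packaged one; whether that package carries the backported fixes depends on its release number and the vendor erratum.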
