3

I'm refering this this project: https://www.psc.edu/index.php/hpn-ssh

I'm running Debian 8, with OpenSSH_6.7p1 Debian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015 and hpn-ssh doesn't have a patch for this version, does that mean I have to somehow downgrade openSSH and then compile an older version of openSSH?

Doesn't seem like the most secure option.

If so how would I go about doing this. (or is there a better way to copy large files quickly)

Mint
  • 476
  • 2
  • 9
  • 23

1 Answers1

3

Rather than downgrading, you could consider updating to the openSSH packages available in stretch (7.1), as I can see that HPN-SSH has patches available for that version at http://sourceforge.net/projects/hpnssh/files/?source=navbar (I wonder why 6.7 is skipped?) In theory this is a bit risky as you're not using the declared stable packages, but in practice testing is pretty damn stable itself - debian's quite conservative about what goes into the repositories and what's considered stable.

In short - add the stretch repositories to your apt sources, set pinning information in apt preferences so apt will still prefer packages from stable, and then manually get the packages from testing by referring to them as openssh/testing in your apt commands.

Carcer
  • 957
  • 6
  • 12
  • mmm, this might well work, this isn't a production server so I can take a few risks. I'll give it a try. – Mint Jan 21 '16 at 10:30
  • hmm, I get stuck when running ./configure `checking OpenSSL header version... 20000000 (LibreSSL 2.2.0) checking OpenSSL library version... 100010bf (OpenSSL 1.0.1k 8 Jan 2015) checking whether OpenSSL's headers match the library... no configure: error: Your OpenSSL headers do not match your library. Check config.log for details. If you are sure your installation is consistent, you can disable the check by running "./configure --without-openssl-header-check". Also see contrib/findssl.sh for help identifying header/library mismatches. ` any ideas? – Mint Jan 21 '16 at 11:59
  • 1
    Maybe try installing libssl-dev from testing too? And does the findssl.sh helper give you any useful information? – Carcer Jan 21 '16 at 19:40
  • Tried installing libssl-dev, same result. Here is the output of findssl.sh http://pastebin.com/KQZ2ADwW (I don't really understand any of it) – Mint Jan 21 '16 at 23:31
  • 2
    Try doing `./configure --with-ssl-dir="/usr/local/lib/"`. Essentially, your system has multiple versions of openssl in there, and the headers ./configure is finding don't match up with the library version it's trying to use by default; with this option we are pointing it to the version found by the findssl.sh script which does match the headers it wants to use. Though you might want to try `updatedb.mlocate` and then run `findssl.sh` again in case the output changes. – Carcer Jan 22 '16 at 00:44
  • Legendary! It worked, and thank you for explaining it. – Mint Jan 22 '16 at 00:55