To resolve the inconsistency between OpenSSL version and SSL version shown by ssh –V after a successful upgrade, follow these steps:
- Verify Displayed Versions:
-
Run ssh –V to check both OpenSSH and OpenSSL versions.
-
Check Executable Paths:
-
Use which ssh and which openssl to ensure they point to the correct, updated binaries.
-
Inspect Package Managers:
- For Debian/Ubuntu: Check with dpkg —get–selections | grep openssh.
-
For RedHat/CentOS: Use rpm –q openssh–server openssl.
-
Review Configuration Files:
-
Examine /etc/ssh/sshd_config for directives that might affect SSL/TLS, such as Ciphers or Protocol settings.
-
Assess Upgrade Process:
-
Confirm if the upgrade was done via package manager ( apt, yum) or manually, ensuring all necessary files were updated.
-
Check Library Dependencies:
-
Use commands like ldd /usr/bin/ssh | grep ssl to verify which OpenSSL libraries are being used.
-
Reinstall Affected Packages (if needed):
-
If discrepancies persist, reinstall OpenSSH and OpenSSL using your system’s package manager.
-
Consult Logs for Errors:
- Review upgrade logs in /var/log/apt/ or /var/log/yum/, and check SSH server logs post-upgrade for negotiation issues.
By systematically addressing each of these areas, you can identify the root cause of the version inconsistency and take appropriate corrective actions.