- Red Hat Enterprise Linux 5
- OpenSSH update RHEA-2010:0683 (https://rhn.redhat.com/errata/RHEA-2010-0683.html)
- A change in behavior in the openssh package included in the RHEA-2010:0683 update (openssh-4.3p2-41.el5_5.1) prevents some systems from starting the sshd daemon when a modified openssl.cnf file is in use.
- Use an explicit openssl.cnf file for a home certificate authority (CA). The updated openssh package (sshd command) now reads the openssl.cnf configuration file via the openssl library (openssl-0.9.8e-12.el5_4.6) to load the hardware cryptographic modules that can be configured there.
A custom openssl.cnf file containing references to environment variables (such as ENV_TYPE) not present in the sshd process environment could result in error messages such as the following:
1578:error:0E065068:configuration file routines:STR_COPY:variable value:conf_def.c:629:line 176
This error was due to the following line in the openssl.cnf file:
nsCertType = $ENV::ENV_TYPE
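A pre-flight check for the condition described above, written as an added example and not taken from the article or from Red Hat: it lists every `$ENV::NAME` or `${ENV::NAME}` reference in an OpenSSL configuration file whose variable is unset in the environment the script runs in. The function names and the sample file contents, apart from the `nsCertType` line, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reports $ENV::NAME references in an OpenSSL config file that have no value
# in the environment this script runs in.

# Print "LINE NAME" for each $ENV::NAME or ${ENV::NAME} reference in file $1.
# Comment stripping is approximate: everything after '#' is dropped.
find_env_refs() {
    sed 's/#.*$//' "$1" |
        grep -n -o -E '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
        sed -e 's/:\${ENV::/ /' -e 's/:\$ENV::/ /'
}

# Print one line per reference whose variable is unset; return 1 if any exist.
unset_env_refs() {
    out=$(find_env_refs "$1" | while read -r lineno name; do
        # printenv sees only exported variables, as a child process would
        printenv "$name" >/dev/null || echo "$1:$lineno: \$ENV::$name is not set"
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample input: only the nsCertType line comes from the article.
write_sample_cnf() {
    cat > "$1" <<'EOF'
HOME = .
[ usr_cert ]
basicConstraints = CA:FALSE
# nsComment = $ENV::IGNORED_IN_COMMENT
nsCertType = $ENV::ENV_TYPE
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp) && write_sample_cnf "$sample"
unset_env_refs "$sample" || echo "sample config references unset variables"
rm -f "$sample"
```

To check a real file, source the functions and call `unset_env_refs` on it from the same environment that starts sshd, since an interactive shell may export variables that the daemon's environment lacks.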