search

mfe- / ReadyNASDuoSparc

Binaries, scripts for Netgear ReadyNASDuo v1
34 stars 8 forks source link

openssl incorrect package/version? #8

Closed Unixware closed 2 weeks ago

Unixware commented 2 weeks ago

ok 'dead' project but ... anyway.

installed the openssl deb package but still on the NAS shows the version as 0.9.8... so I really have no clue what's going on

OpenSSL> version OpenSSL 0.9.8o 01 Jun 2010 OpenSSL> quit

thanks

billsargent commented 2 weeks ago

Where did the debian package place the openssl binary and libraries? its been awhile since I've even looked at my readynas... but If I remember the locations are not the same as a regular debian install.

Unixware commented 2 weeks ago

thanks !! your are right, I did not notice that! they are placed on /usr/local/ssl/bin I had the impression I could update the built-in openssl with this version, is this possible anyway ?

mfe- commented 2 weeks ago

@Unixware , it's possible to have multiple versions of the same library installed in parallel. I recommend not removing or replacing the old version of OpenSSL as it might break other applications that depend on this version. It should be sufficient to point to the required OpenSSL version by using environment variables like PATH or LD_LIBRARY_PATH, or even setting the absolute path to the required library.

What are you trying to achieve?

Unixware commented 2 weeks ago

thanks got it. I am unable to log in to the NAS from a CENTOS workstation due to restricted legacy SSH access. I was wondering if it would be possible to resolve this by using a newer version on the NAS, no worries anyway

mfe- commented 2 weeks ago

thanks got it. I am unable to log in to the NAS from a CENTOS workstation due to restricted legacy SSH access. I was wondering if it would be possible to resolve this by using a newer version on the NAS, no worries anyway

you should be able to login with CENTOS by using the command ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [INSERTIPADDRESSHERE] -l root.

I recently compiled an up-to-date version of OpenSSH (with Openssl) that meets current security standards, so you don't need to rely on old, outdated cryptography. However you do need some linux knowledge to install and set-up the openssh server

Unixware commented 2 weeks ago

thanks, anyway - just for the record- I solved it by adding a custom config file for the ssh with the NAS:

`

custom_config

.include /etc/ssl/openssl.cnf [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = yes `

then connect to NAS via :+1: `

OPENSSL_CONF=custom_config ssh readynas_IP -l root

so no changing the whole system policy.