Question

Ubuntu 14 - SSH stopped working after updating openssl

I ran the usual update sequence of apt update && apt upgrade && apt-dist upgrade and right after that my script has a routine that makes a git pull and then backs its runtime logs up by pushing to git, and that right from that update stopped working with error:

139890995726016:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory
139890995726016:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
139890995726016:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf
139890995726016:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf
fatal: Could not read from remote repository.

The bigger problem is I now cannot ssh into my server.

What can I do? Please help!

Is the server lost?

This is the SSL relevant apt-upgrade section:

The following packages will be upgraded:
  libapache2-mod-php7.0 libssl-dev libssl-doc libssl1.1 openssl php7.0
  php7.0-cli php7.0-common php7.0-curl php7.0-json php7.0-mysql php7.0-opcache
  php7.0-readline php7.0-xml php7.0-zip php7.1-cli php7.1-common php7.1-json
  php7.1-opcache php7.1-readline php7.1-xml php7.2-cli php7.2-common
  php7.2-json php7.2-opcache php7.2-readline php7.2-xml php7.2-zip tzdata
29 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.8 MB of archives.
After this operation, 1,871 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl-doc all 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,736 kB]
Get:2 http://mirrors.digitalocean.com/ubuntu/ trusty-updates/main tzdata all 2018f-0ubuntu0.14.04 [165 kB]
Get:3 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl-dev amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,769 kB]
Get:4 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl1.1 amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,490 kB]
Get:5 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main libapache2-mod-php7.0 amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [1,195 kB]
Get:6 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-cli amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [1,254 kB]
Get:7 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-common amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [881 kB]
Get:8 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-json amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [17.2 kB]
Get:9 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-opcache amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [77.5 kB]
Get:10 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-readline amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [12.3 kB]
Get:11 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main openssl amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [820 kB]
Subscribe
Share

I’ve got error trying to execute:

$ sudo apt install openssl=1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Version '1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1' for 'openssl' was not found

I had to run first:

$ apt-cache policy openssl
openssl:
  Installed: 1.0.1f-1ubuntu2.26
  Candidate: 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1
  Version table:
 *** 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 0
        500 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main amd64 Packages
     1.0.1f-1ubuntu2.26 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.1f-1ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

Then I downgrade openssl to 1.0.1f-1ubuntu2.26 running the following command:

$ sudo apt-get install openssl=1.0.1f-1ubuntu2.26

Finally:

$ sudo service ssh restart

:)

we have to wait for the new corrected package…

Corrected packages are up.

Broken: 1.1.1-1+ubuntu14.04.1+deb.sury.org+1

Current: 1.1.1-1+ubuntu14.04.1+deb.sury.org+2

This is definitely an issue with open ssl 1.1.1 I am getting exactly the same issue on 14.04.1 after a apt dist-upgrade

Cannot roll back as the old version is no longer available in the packages.

Can we please get the old version (1.1.0h) be available so we can downgrade?

I mean, I am still logged in with that session it didn’t kick me out. I just don’t understand what happened and how to restore my SSH access. The server needs to be managed, it is used by a business.

That does not solve the problem.

Did you try using the console from the control panel to access your server? https://www.digitalocean.com/docs/droplets/how-to/connect-with-console/


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Not solved but cannot edit anymore: it appears the new packages are buggy (updated on the Sury repository 14 hours ago). Downgrading openssl and libssl1.1 to previous versions returned git to fucntion, still no ssh.

$ openssl version
OpenSSL 1.1.1  11 Sep 2018
$ sudo apt install openssl=1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1
$ openssl version
=> OpenSSL 1.1.0h  27 Mar 2018 (Library: OpenSSL 1.1.1  11 Sep 2018)
This fixed git.

edit:

Downgrading everything openssl-related and restarting SSH solves the issue.

In case someone lands here, all the previous versions of packages are logged in /var/log/apt/history.log

libssl1.1:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
libssl-dev:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
libssl-doc:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
openssl:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)

and then sudo service ssh restart

Correct open ports:

$ netstat -tlpn
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -

This comment has been deleted