Question

Ubuntu 14 - SSH stopped working after updating openssl

I ran the usual update sequence of apt update && apt upgrade && apt-dist upgrade and right after that my script has a routine that makes a git pull and then backs its runtime logs up by pushing to git, and that right from that update stopped working with error:

139890995726016:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libssl_conf.so): libssl_conf.so: cannot open shared object file: No such file or directory
139890995726016:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
139890995726016:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=ssl_conf, path=ssl_conf
139890995726016:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=ssl_conf
fatal: Could not read from remote repository.

The bigger problem is I now cannot ssh into my server.

What can I do? Please help!

Is the server lost?

This is the SSL relevant apt-upgrade section:

The following packages will be upgraded:
  libapache2-mod-php7.0 libssl-dev libssl-doc libssl1.1 openssl php7.0
  php7.0-cli php7.0-common php7.0-curl php7.0-json php7.0-mysql php7.0-opcache
  php7.0-readline php7.0-xml php7.0-zip php7.1-cli php7.1-common php7.1-json
  php7.1-opcache php7.1-readline php7.1-xml php7.2-cli php7.2-common
  php7.2-json php7.2-opcache php7.2-readline php7.2-xml php7.2-zip tzdata
29 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.8 MB of archives.
After this operation, 1,871 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl-doc all 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,736 kB]
Get:2 http://mirrors.digitalocean.com/ubuntu/ trusty-updates/main tzdata all 2018f-0ubuntu0.14.04 [165 kB]
Get:3 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl-dev amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,769 kB]
Get:4 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main libssl1.1 amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [1,490 kB]
Get:5 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main libapache2-mod-php7.0 amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [1,195 kB]
Get:6 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-cli amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [1,254 kB]
Get:7 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-common amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [881 kB]
Get:8 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-json amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [17.2 kB]
Get:9 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-opcache amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [77.5 kB]
Get:10 http://ppa.launchpad.net/ondrej/php/ubuntu/ trusty/main php7.0-readline amd64 7.0.32-3+ubuntu14.04.1+deb.sury.org+1 [12.3 kB]
Get:11 http://ppa.launchpad.net/ondrej/apache2/ubuntu/ trusty/main openssl amd64 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1 [820 kB]
Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

janaaaf27128f096c7b47fa0f7October 28, 2018
Accepted Answer

Not solved but cannot edit anymore: it appears the new packages are buggy (updated on the Sury repository 14 hours ago). Downgrading openssl and libssl1.1 to previous versions returned git to fucntion, still no ssh.

$ openssl version
OpenSSL 1.1.1  11 Sep 2018
$ sudo apt install openssl=1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1
$ openssl version
=> OpenSSL 1.1.0h  27 Mar 2018 (Library: OpenSSL 1.1.1  11 Sep 2018)
This fixed git.

edit:

Downgrading everything openssl-related and restarting SSH solves the issue.

In case someone lands here, all the previous versions of packages are logged in /var/log/apt/history.log

libssl1.1:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
libssl-dev:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
libssl-doc:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)
openssl:amd64 (1.1.0h-2.0+ubuntu14.04.1+deb.sury.org+1, 1.1.1-1+ubuntu14.04.1+deb.sury.org+0.1)

and then sudo service ssh restart

Correct open ports:

$ netstat -tlpn
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -
Tarek FadelOctober 28, 2018

This comment has been deleted