
SSH Connection Fails After OpenSSL on openEuler Is Upgraded to 1.1.1e

Symptom

After OpenSSL on openEuler 20.03 LTS is upgraded to 1.1.1e, the SSH connection fails.

Key Process and Cause Analysis

The default openssl.cnf file of the OpenSSL tool does not take effect because the file has been manually renamed. Run the following command to check whether the openssl.cnf file can be found:

find / -name "openssl.cnf"

Conclusion and Solution

The detailed OpenSSL installation process is as follows:

  1. Check the environment.

    OS: openEuler 20.03 LTS

    Hardware: Kunpeng server with 128 CPU cores

  2. Install OpenSSL and KAE by referring to Kunpeng Accelerator Engine User Guide.
  3. Check the version of OpenSSL built in the system.

  4. Use the built-in OpenSSL or upgrade it by referring to either of the following methods:
    • Method 1: using the built-in OpenSSL
      KAE supports OpenSSL 1.1.1d. You can use OpenSSL 1.1.1d built in the OS without upgrading it to OpenSSL 1.1.1e. The procedure is as follows:
      1. Install the local source.
        • If the server is not directly connected to the Internet, you are advised to use openEuler-20.03-LTS-everything-aarch64-dvd.iso to configure the local source.
        • If the server is directly connected to the Internet, skip this step.
      2. Install openssl-devel.
        yum install -y openssl-devel
      3. Prepare the KAE environment for tests. For details, see "Installation Using Source Code" in Kunpeng Accelerator Engine User Guide.
    • Method 2: upgrading OpenSSL to 1.1.1e
      1. Install dependency packages by referring to "Installing OpenSSL/Tongsuo" in the Kunpeng Accelerator Engine User Guide.
        1. Download openssl-OpenSSL_1_1_1e.zip from the official website.
        2. Decompress the source package.
          unzip openssl-OpenSSL_1_1_1e.zip

        3. Configure and install OpenSSL.
          ./config --prefix=/usr/local/openssl_1
          make
          make install

      2. Configure the OpenSSL environment variables.

        Check the OpenSSL version.

        The command output shows that the version is 1.1.1d.
        1. Configure environment variables.

          Add the path to the newly installed OpenSSL to the end of the /etc/bashrc file.

          vi /etc/bashrc
          
          export PATH=/usr/local/openssl_1/bin:$PATH

          Make the modification take effect.

          source /etc/bashrc

          Run the export command to check the environment variables. You can find that the OpenSSL configuration path exists in PATH.

          Check the OpenSSL version again.

          The command output shows that the version is 1.1.1e.

        2. Switch the OpenSSL link to the new installation path.

          Back up the current OpenSSL.

          mv /usr/bin/openssl /usr/bin/openssl.bak
          mv /usr/include/openssl /usr/include/openssl.bak   # This directory does not exist in some scenarios.

          Use the new version.

          ln -s /usr/local/openssl_1/bin/openssl /usr/bin/openssl
          ln -s /usr/local/openssl_1/include/openssl /usr/include/openssl

          Check the OpenSSL version.

          The command output shows that OpenSSL 1.1.1e has not been successfully installed.

        3. Update the dynamic link library (DLL) data.

          In the configuration file /etc/ld.so.conf, set the lib path of OpenSSL to /usr/local/openssl_1/lib. Run the ldconfig -v command to make it take effect.

          Check the OpenSSL version again. If the following information is displayed, OpenSSL 1.1.1e has been installed.

        4. Export environment variables.

      3. Install KAEdriver-1.3.10.
        1. Go to the source code directory of KAEdriver-1.3.10 and install it.
          cd kae_driver/
          make
          make install

        2. Go to the warpdrive directory and run the autogen.sh script. Run the ./configure command to configure the KAE driver.
          cd warpdrive/
          sh autogen.sh
          ./configure

        3. Install the KAE driver.
          make
          make install

      4. Load the library.
        lsmod | grep uacce

      5. Install KAE-1.3.10.
        1. Go to the KAE-1.3.10 source package and grant the execution permission on the configure file.
          chmod +x configure

        2. Configure the KAE installation path.
          ./configure --openssl_path=/usr/local/openssl_1
          make clean && make
          make install

          When running the ./configure command, you must specify the path of the newly installed OpenSSL. Otherwise, the compilation fails.

      6. Install KAEzip-1.3.10.

        Go to the KAEzip-1.3.10 source code directory and run the setup.sh script to install KAEzip.

        cd KAEzip-1.3.10
        sh setup.sh install

      7. Check whether the KAE driver, KAE, and KAEzip are successfully installed.
        ls -al /usr/local/lib/ | grep libwd
        ls -al /usr/local/openssl_1/lib/engines-1.1
        ls -al /sys/class/uacce

      8. Check whether the installation is successful.

        Run the hardware computing (computing using KAE) command in one of the windows.

        openssl speed -engine kae rsa2048

        At the same time, run the following command in another window.

        cat /sys/class/uacce/hisi_hpre-*/attrs/available_instances

        If "256 256" is displayed in the command output, the hardware computing queue is not consumed. In the preceding figure, "255 256" is displayed, indicating that one hardware computing queue has been consumed. It means that KAE has been successfully installed.
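
The following script is an added example, not part of the original guide: it checks whether the active OpenSSL build can find openssl.cnf in its own configuration directory (the cause described under "Key Process and Cause Analysis") and which libcrypto sshd resolves after the ld.so.conf change in Method 2. The function names and the /usr/sbin/sshd path are assumptions. Run it as root from an existing session before closing that session.

```shell
#!/bin/sh
# Added example: post-upgrade checks to run from an existing session
# before logging out. /usr/sbin/sshd is an assumed path.

# Read `openssl version -d` output on stdin, e.g.
#   OPENSSLDIR: "/usr/local/openssl_1/ssl"
# and print the directory the active build loads openssl.cnf from.
parse_openssldir() {
    sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Succeed if openssl.cnf exists in the given directory. Otherwise list
# renamed copies (openssl.cnf.bak and similar) and fail.
check_openssl_cnf() {
    cnf_dir=$1
    if [ -f "$cnf_dir/openssl.cnf" ]; then
        echo "ok: $cnf_dir/openssl.cnf"
        return 0
    fi
    echo "missing: $cnf_dir/openssl.cnf"
    ls "$cnf_dir"/openssl.cnf* 2>/dev/null | sed 's/^/  candidate: /'
    return 1
}

# Read `ldd <binary>` output on stdin and print where libcrypto resolves.
libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ { print ($3 ~ /^\// ? $3 : "not found") }'
}

run_checks() {
    command -v openssl >/dev/null || { echo "openssl not in PATH"; return 1; }
    echo "binary: $(command -v openssl) -> $(openssl version)"
    check_openssl_cnf "$(openssl version -d | parse_openssldir)" || return 1
    # The ldconfig step changes which libcrypto dynamically linked programs load.
    echo "sshd libcrypto: $(ldd /usr/sbin/sshd | libcrypto_path)"
    # sshd -t only validates the configuration file and host keys.
    sshd -t && echo "sshd -t: configuration and host keys OK"
}

# Run on the target host as: sh check_openssl.sh --run
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

A "missing" result with a listed candidate means the configuration file exists under another name and should be restored to openssl.cnf in that directory.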