当前位置: 首页 > article >正文

【大数据开发运维解决方案】ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b问题解决过程

article 2024/11/15 13:28:01

文章目录

  • 前言
  • 一、问题描述
  • 二、原因分析
  • 三、解决方案
  • 总结

前言

近期在做信创工作,运维Informatica的同事,在之前我为他做了个华为fusioninsight集群内节点与其Informatica服务器的infa用户的ssh免密通信。近期Informatica要对接Gaussdb。

一、问题描述

运维Informatica的同事,在之前我为他做了个华为fusioninsight集群内节点与其Informatica服务器的infa用户的ssh免密通信。近期Informatica要对接Gaussdb。他在infa用户下创建了用来放Gaussdb的动态库 文件/home/infa/gaussdb/lib目录,但是在.bashrc文件中增加相关LD_LIBRARY_PATH配置后,再次执行ssh命令报下面错误:

[infa@etltest5 ~]$ ssh
ssh: symbol lookup error: ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

二、原因分析

在同事给我反馈问题后,我登录服务器后先看了下其.bashrc文件环境变量配置如下:

export PATH=$PATH:/usr/local/oracle/instantclient_11_2
export ORACLE_HOME=/usr/local/oracle/instantclient_11_2
export ORACLE_BASE=/usr/local/oracle/instantclient_11_2
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2
export TNS_ADMIN=/usr/local/oracle/instantclient_11_2
export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK"
export INFA_CODEPAGENAME=MS936
export PM_CODEPAGENAME=MS936
export LANG=C
export LC_ALL=C
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib:$LD_LIBRARY_PATH
export INFA_HOME=/home/infa/Informatica/10.2.0
export ODBCHOME=/home/infa/Informatica/10.2.0/ODBC7.1
export LIB_PATH=$LIB_PATH:$ODBCHOME/lib
export SHLIB_PATH=$SHLIB_PATH:$ODBCHOME/lib
export PATH=$PATH:$ODBCHOME/bin:$ODBCHOME/tools:$INFA_HOME/server/bin
export ODBCINI=$ODBCHOME/odbc.ini
export ODBCINST=$ODBCHOME/odbcinst.ini
export DD_INSTALLDIR=/home/infa/Informatica/10.2.0/ODBC7.1
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

起码看着配置文件中的环境变量配置没有问题,于是手动执行ssh命令:


[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
ssh: symbol lookup error: ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

果然报错,然后我修改了其LD_LIBRARY_PATH,将/home/infa/gaussdb/lib配置给删除,然后再次执行:

[infa@etltest5 ~]$ vim .bashrc
[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]

这次执行ssh命令是可以正常的,根据上面简单测试,我猜测出现此问题的可能性是因为指定/home/infa/gaussdb/lib动态库文件后,/usr/bin/ssh的动态库文件在/usr/bin/ssh执行的时候被指定错了而不是缺少,因为前面测试了去掉此库路径配置是正常的!
那怎么看ssh的动态库是否指定正确呢?
这里介绍一个命令ldd。在linux中, ldd是list, dynamic, dependencies的缩写, 意思是:列出动态库依赖关系。各位可以用ldd –help或者man ldd来看其用法。我这里就不列详细用法了~
现在先来看下正常情况下/usr/bin/ssh的动态库引用:

[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007ffc5b1f9000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fa46d15f000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa46cf5b000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007fa46cd57000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa46cb3f000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fa46c916000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa46c6ff000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa46c4d5000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fa46c280000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa46bf96000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa46bd7f000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa46bb7b000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa46b7b6000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa46b596000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa46d906000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fa46b312000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fa46b101000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa46aefd000)

从上面输出结果可以看到,/usr/bin/ssh命令实际指向的都是/lib64下的库文件。
而现在报错时候的/usr/bin/ssh命令指向的文件:

[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007fffb17e4000)
	libcrypto.so.1.1 => /home/infa/gaussdb/lib/libcrypto.so.1.1 (0x00007f0990162000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f098ff5e000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007f098fd5a000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f098fb42000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f098f919000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f098f702000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f098f4d8000)
	libgssapi_krb5.so.2 => /home/infa/Informatica/10.2.0/server/bin/libgssapi_krb5.so.2 (0x00007f098f290000)
	libkrb5.so.3 => /home/infa/Informatica/10.2.0/server/bin/libkrb5.so.3 (0x00007f098efbd000)
	libk5crypto.so.3 => /home/infa/Informatica/10.2.0/server/bin/libk5crypto.so.3 (0x00007f098ed8e000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f098eb8a000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f098e7c5000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f098e5a5000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f09906df000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f098e321000)
	libcom_err.so.3 => /home/infa/Informatica/10.2.0/server/bin/libcom_err.so.3 (0x00007f098e11e000)
	libkrb5support.so.0 => /home/infa/Informatica/10.2.0/server/bin/libkrb5support.so.0 (0x00007f098df13000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f098dd0f000)

从上面输出结果可以看出,一部分指向的文件指到了/home/infa/gaussdb/lib下了,所以报错了。

三、解决方案

我这里的解决办法就是在.bashrc的最后将正确的/usr/bin/ssh的*.so文件指向的文件所在的文件夹放到LD_LIBRARY_PATH最后一次配置的最前面,例如:

export LD_LIBRARY_PATH=/lib64/:$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

所以,最后正确的.bashrc配置应该如下:

export PATH=$PATH:/usr/local/oracle/instantclient_11_2
export ORACLE_HOME=/usr/local/oracle/instantclient_11_2
export ORACLE_BASE=/usr/local/oracle/instantclient_11_2
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2
export TNS_ADMIN=/usr/local/oracle/instantclient_11_2
export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK"
export INFA_CODEPAGENAME=MS936
export PM_CODEPAGENAME=MS936
export LANG=C
export LC_ALL=C
#export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/software/lib/:$LD_LIBRARY_PATH
#export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib
export INFA_HOME=/home/infa/Informatica/10.2.0
export ODBCHOME=/home/infa/Informatica/10.2.0/ODBC7.1
export LIB_PATH=$LIB_PATH:$ODBCHOME/lib
export SHLIB_PATH=$SHLIB_PATH:$ODBCHOME/lib
export PATH=$PATH:$ODBCHOME/bin:$ODBCHOME/tools:$INFA_HOME/server/bin
export ODBCINI=$ODBCHOME/odbc.ini
export ODBCINST=$ODBCHOME/odbcinst.ini
export DD_INSTALLDIR=/home/infa/Informatica/10.2.0/ODBC7.1
export LD_LIBRARY_PATH=/lib64/:$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

环境变量配置好后,再次执行:

[infa@etltest5 ~]$ vim .bashrc
[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]
[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007ffc5b1f9000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fa46d15f000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa46cf5b000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007fa46cd57000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa46cb3f000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fa46c916000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa46c6ff000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa46c4d5000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fa46c280000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa46bf96000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa46bd7f000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa46bb7b000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa46b7b6000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa46b596000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa46d906000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fa46b312000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fa46b101000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa46aefd000)

可以看到,ssh命令可以正常执行,并且文件指向也都正确了。

总结

生产环境要谨慎,我没有删除/home/infa/gaussdb/lib冲突的文件,而是手动指定了查找优先级。


http://www.kler.cn/a/9452.html

相关文章:

  • 网络技术-定义配置ACL规则的语法和命令
  • 「Mac玩转仓颉内测版12」PTA刷题篇3 - L1-003 个位数统计
  • Java 责任链模式 减少 if else 实战案例
  • SQL 中 BETWEEN AND 用于字符串的理解
  • Bugku CTF_Web——点login咋没反应
  • Vector 深度复制记录
  • 【Java面试八股文宝典之RabbitMQ篇】备战2023 查缺补漏 你越早准备 越早成功!!!——Day17
  • QT桌面的构建
  • es6和commonJs的区别
  • 医院设备管理的数字化转型:二维码巡检系统的实施与应用
  • 【Java数据结构】线性表-顺序表
  • gopls有没有什么很强大但是默认不开启的功能?
  • cursor.execute 执行两个结果并存储给变量
  • 【c语言】二维数组
  • SpringBoot案例
  • 从零开始学架构——高性能缓存架构
  • 【前端面试专题】【5】Vue3
  • sqlmap使用(以sqli-lab为例)
  • 【Leetcode之路 | Java Python】两数之和(暴力枚举哈希表)
  • 基于发票增值税OCR API设计自动识别应用系统,从此解放财务双手
  • 【图像分割】Segment Anything(Meta AI)论文解读
  • 经典文献阅读之--Bidirectional Camera-LiDAR Fusion(Camera-LiDAR双向融合新范式)
  • Java -- System类和冒泡排序
  • SpringBoot集成ChatGPT实现AI聊天
  • 护眼灯真的可以保护眼睛吗?推荐五款达到护眼级别的灯
  • SVN