You've possibly been hacked or compromised. This can be verified with "rpm -vV 
openssh-server" (do the same for openssh and openssh-clients). Look at the 
checksum on the sshd binary. Hackers/rootkits will often replace the sshd 
binary with a Trojaned version and set the immutable flag on the file to 
prevent it from being removed. 

Please take a look at the attributes on /usr/sbin/sshd binary by running 
"lsattr /usr/sbin/sshd".

You will possibly see an "a", "u", "i" and "s" in the output. Running "chattr 
-uisa" on the same file should remove the immutable flag and allow you to run 
the rpm installation. 

This will get you past that step, but it will make sense to check the system 
for other evidence of rootkits. See chkrootkit and maybe run a full rpm 
verification across the system. 

Edmund White

On Mar 30, 2012, at 8:25 AM, "George Pochiscan" 
<george.pochis...@spearheadsystems.ro> wrote:

> Hello,
> 
> I have an RHEL 5.7 server and I can't update the openssh-server to 
> openssh-server-4.3p2-82.el5.x86_64 from openssh-server-4.3p2-72.el5_6.3
> 
> I have the following error:
> 
> Running Transaction
>  Updating       : openssh-server                                         1/2
> Error unpacking rpm package openssh-server-4.3p2-82.el5.x86_64
> warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew
> error: unpacking of archive failed on file /usr/sbin/sshd: cpio: rename
> 
> Failed:
>  openssh-server.x86_64 0:4.3p2-82.el5
> 
> 
> Thanks.
> 
> George Pochiscan
> Support Engineer
> 
> 
> 
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv5-list
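
The checks suggested in the reply above (rpm verification and lsattr) can be triaged with a small filter. This is an added example, not part of the original thread; the function names are hypothetical and the sample output is constructed, not taken from the affected server.

```shell
#!/bin/sh
# Added example: triage "rpm -V" and "lsattr" output for the signs
# described in the reply. All sample data below is constructed.

# Read "rpm -V" lines on stdin. Print paths whose flags field has "5"
# in column 3 (file digest differs from the rpm database), skipping
# files rpm marks as config ("c"), where local edits are expected.
flag_rpm_verify() {
    awk 'length($1) >= 8 && substr($1, 3, 1) == "5" {
             if (NF >= 3 && $2 == "c") next
             print $NF
         }'
}

# Read "lsattr" lines on stdin. Print "attrs path" for files carrying
# any of the s, u, i or a attributes named in the reply.
# Assumption: paths contain no spaces.
flag_lsattr() {
    awk '$1 ~ /[suia]/ { gsub(/[^suia]/, "", $1); print $1, $2 }'
}

# Constructed sample of "rpm -V openssh-server" output.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
........    /etc/pam.d/sshd
S.5....T    /usr/sbin/sshd
EOF
}

# Constructed sample of "lsattr /usr/sbin/sshd /usr/bin/ssh" output.
sample_lsattr() {
    cat <<'EOF'
su--ia------- /usr/sbin/sshd
------------- /usr/bin/ssh
EOF
}

# On a live system, pipe the real commands in instead, e.g.:
#   rpm -V openssh-server openssh openssh-clients | flag_rpm_verify
#   lsattr /usr/sbin/sshd | flag_lsattr
sample_rpm_verify | flag_rpm_verify
sample_lsattr | flag_lsattr
```

A changed binary that also carries the immutable or append-only attribute matches the pattern described in the reply and explains the "cpio: rename" failure in the quoted yum output.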
