Re: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Ade Lovett (ade@FreeBSD.org)
Date: 01/29/01


Date: Mon, 29 Jan 2001 10:14:11 -0600
From: Ade Lovett <ade@FreeBSD.org>
To: Rasputin <rasputin@FreeBSD-uk.eu.org>

On Mon, Jan 29, 2001 at 09:57:53AM +0000, Rasputin wrote:
> In general I'd agree with Matt and aDe, but if a directive
> affecting security has changed, I'd say it's better to be notified of it
> as soon as possible.
> Killing off sshd obviously makes remote admin a real problem, though;
> is there another way to guarantee we'd notice?

Well, something in /usr/src/UPDATING might have helped.
Believe it or not, I do read it. Nothing there.

Update -stable box, run mergemaster, ignore anything to do with
ssh_config or sshd_config since ours are fairly heavily different,
reboot, no sshd.

If it's not going to be backed out (a serious mistake, IMO), then
UPDATING needs to be modified at least:

200101xx
        The 'ConnectionsPerPeriod' directive in /etc/ssh/sshd_config
        has been deprecated. Please ensure that you either comment
        out, or preferably remove, this entry BEFORE REBOOTING.
        /usr/sbin/sshd after this date WILL NOT RUN with this directive
        in place, which is likely to cause substantial issues for
        headless machines.

There. Another mighty victory for the Confederation.

-aDe

-- 
Ade Lovett, Austin, TX.			       ade@FreeBSD.org
FreeBSD: The Power to Serve		http://www.FreeBSD.org/
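
A pre-reboot check for the situation described in the message above, as an added example that is not part of the original post or of FreeBSD's tooling. The function name `check_sshd_config`, the temporary file, and the sample config contents are assumptions made for illustration; only the directive name comes from the message.

```shell
#!/bin/sh
# Directive named in the proposed UPDATING entry; extend the list as needed.
DEPRECATED="ConnectionsPerPeriod"

# Print "file:line: text" for every active (uncommented) use of a deprecated
# directive. Returns 0 when the file is clean, 1 when something was found.
check_sshd_config() {
    awk -v list="$DEPRECATED" '
        BEGIN { n = split(tolower(list), dep, " ") }
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # leading whitespace is allowed
            if (line == "" || line ~ /^#/) next  # blank or commented out
            kw = line
            sub(/[ \t=].*$/, "", kw)             # keyword ends at space, tab or "="
            kw = tolower(kw)                     # keywords are case-insensitive
            for (i = 1; i <= n; i++)
                if (kw == dep[i]) { printf "%s:%d: %s\n", FILENAME, NR, $0; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample config (not from the original post): one commented-out
# entry that is harmless and one active entry that would stop sshd.
sample=$(mktemp) || exit 1
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
#ConnectionsPerPeriod 5/10
  connectionsperperiod 5/10
PermitRootLogin no
EOF

if check_sshd_config "$sample"; then
    echo "no deprecated directives found"
else
    echo "fix the lines above BEFORE REBOOTING"
fi
```

On a real machine, point the function at /etc/ssh/sshd_config after mergemaster and before the reboot. Where the installed sshd supports it, `sshd -t` gives a full validity check of the configuration file in addition to this keyword scan.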