Re: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Ade Lovett
Date: 01/29/01

Date: Mon, 29 Jan 2001 10:14:11 -0600
From: Ade Lovett
To: Rasputin

On Mon, Jan 29, 2001 at 09:57:53AM +0000, Rasputin wrote:
> In general I'd agree with Matt and aDe, but if a directive
> affecting security has changed, I'd say it's better to be notified of it
> as soon as possible.
> Killing off sshd obviously makes remote admin a real problem, though;
> is there another way to guarantee we'd notice?

Well, something in /usr/src/UPDATING might have helped.
Believe it or not, I do read it. Nothing there.

Update -stable box, run mergemaster, ignore anything to do with
ssh_config or sshd_config since ours are fairly heavily different,
reboot, no sshd.

If it's not going to be backed out (a serious mistake, IMO), then
UPDATING needs to be modified at least:

        The 'ConnectionsPerPeriod' directive in /etc/ssh/sshd_config
        has been deprecated. Please ensure that you either comment
        out, or preferably remove, this entry BEFORE REBOOTING.
        /usr/sbin/sshd after this date WILL NOT RUN with this directive
        in place, which is likely to cause substantial issues for
        headless machines.

There. Another mighty victory for the Confederation.


Ade Lovett, Austin, TX.
FreeBSD: The Power to Serve
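
A pre-reboot check for the failure described in the message above, as an added example that is not part of the original post or of FreeBSD's tooling. The names `check_sshd_config` and `DEPRECATED` are hypothetical, and the keyword list contains only the directive the message names.

```shell
#!/bin/sh
# Added example: flag sshd_config directives that the updated sshd rejects,
# so the file can be fixed before a headless machine is rebooted.
# DEPRECATED (hypothetical name) is a space-separated keyword list; it holds
# only the directive named in the message above.
DEPRECATED="ConnectionsPerPeriod"

# check_sshd_config FILE (hypothetical helper)
# Prints "FILE:LINE: text" for each active (uncommented) use of a listed
# keyword. Returns 0 if clean, 1 if any were found, 2 if FILE is unreadable.
check_sshd_config() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v list="$DEPRECATED" -v file="$1" '
        BEGIN { n = split(tolower(list), kw, " ") }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading whitespace is allowed
            if (line == "" || line ~ /^#/) next   # blank or commented out
            key = line
            sub(/[ \t=].*$/, "", key)             # keyword ends at space, tab or "="
            key = tolower(key)                    # sshd keywords are case-insensitive
            for (i = 1; i <= n; i++)
                if (key == kw[i]) {
                    printf "%s:%d: %s\n", file, NR, $0
                    bad = 1
                }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}
```

Run it as `check_sshd_config /etc/ssh/sshd_config` after mergemaster and before rebooting; a non-zero status means sshd should not be restarted yet. Current OpenSSH releases also provide `sshd -t -f FILE`, which tests the whole configuration for validity.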