Re: Why update the world because of OpenSSH?

From: andy@sambolian.net.nz
Date: 04/01/02

• Next message: Zvezdan Petkovic: "Re: It's time for those 2048-, 3072-, and 4096-bit keys?"
• Previous message: Jason Stone: "Re: SSH or Telnet?"
• In reply to: patpro: "Re: Why update the world because of OpenSSH?"
• Next in thread: mpd: "Re: Why update the world because of OpenSSH?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon,  1 Apr 2002 21:45:26 +1200
From: andy@sambolian.net.nz
To: security@freebsd.org

Hi,

What you can do is this. It will overwrite ssh that comes with the base so
there is no need to change rc.conf or anything.

cd /usr/ports/security/openssh-portable
make clean
make -DOPENSSH_OVERWRITE_BASE
make -DOPENSSH_OVERWRITE_BASE install

Quoting patpro <patpro@patpro.net>:

> le 31/03/02 16:00, Jesper Wallin à z3l3zt@phucking.kicks-ass.org a écrit :
>
> > Once again I make me look like a fool..
> >
> > I'm quite new to both mailinglists and FreeBSD so I'm not sure IF i
> should
> > post this or where I should post if.. sorry for pissing you off..
> >
> > Well, for some month ago I saw the warnings about the root exploit for
> > OpenSSH here. What I never understood what, why should I update my world
> > because of an OpenSSH exploit? Isn't it enought to just cvsup the ports
> and
> > re-install OpenSSH from the ports?
>
>
> it appears to me that you just have to remove the openssh that comes with
> the base system and to install the openssh-portable port (and tune rc.conf
> accordingly).
>
> patpro
> --
> "Rien ne se perd, rien ne se crée, tout s'empile"
> - Mon Bureau -
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Zvezdan Petkovic: "Re: It's time for those 2048-, 3072-, and 4096-bit keys?"
• Previous message: Jason Stone: "Re: SSH or Telnet?"
• In reply to: patpro: "Re: Why update the world because of OpenSSH?"
• Next in thread: mpd: "Re: Why update the world because of OpenSSH?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages AW: openssh/ssl update probleme ... I just install the openssh-portable port, ... To the best of my knowledge, no new security ... (freebsd-questions) Re: trojaned SSHD ? ... I'd recommend moving to OpenSSH, which supports both ssh1 and ssh2 ... platforms, including Solaris. ... Information relevant to the installation of SSH on NCMIR systems. ... * Install Zlib 1.1.2 libraries, compiling from source, on Solaris and IRIX ... (Focus-SUN) Re: Authentication failed suddenly ... I had to play the gcc re-installation game to get OpenSSH 3.4p1 to ... this is absolutely no reason to tell people to stay away from ... On both the Solaris installs I did, I built with the default privsep ... actually the 'make install' did the latter for me) - ... (comp.security.ssh) RE: OpenSSH b0rked (was RE: Problems with IPFW patch) ... fix was the config file. ... No reboots or restarting sshd necessary. ... > Subject: RE: OpenSSH b0rked ... >> annoying install sequence - you can't define where it gets ... (FreeBSD-Security) Re: OpenSSL/0.9.7c-p1 & OpenSSH_3.5p1 ... which means that all known bugs in OpenSSL and OpenSSH will have been ... If you install from ports, there is a facility for you to install the ... port in such a way as to overwrite the equivalents in the base system. ... Otherwise, if you choose to upgrade to a different source branch, you ... (freebsd-questions)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint