Re: Sshd fix
From: Scott Robbins (scottro@nyc.rr.com)
Date: 06/29/02
- Next message: Colin Faber: "Re: apache-worm.c"
- Previous message: FreeBSD user: "Re: Sshd fix"
- In reply to: Scott Gerhardt: "Sshd fix"
- Next in thread: Jack L. Stone: "Re: Sshd fix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Jun 2002 21:11:38 -0500 From: Scott Robbins <scottro@nyc.rr.com> To: Scott Gerhardt <scott@gerhardt-it.com>
On Fri, Jun 28, 2002 at 06:52:40PM -0600, Scott Gerhardt wrote:
> For the sshd fix, could't I just strip the base openssh from the system and
> install the updated openssh-3.4 from the ports?
>
> If so, what is the best method to disable/eliminate openssh from the base
> system?
This is what I did, and it seems to work. (I'd be grateful if someone
pointed out anything I did wrong. Part of it was gotten from a post
by someone else, and the rest I figured out, for better or worse, on
my own.
cvsup ports to make sure you have 3.4.
Make install.
Edit /etc/rc.conf
Change enable_sshd="YES" to a "NO"
add the line
sshd_program="/usr/local/sbin/ssshd"
In /usr/local/etc/rc.d you'll find that it's put a script called
sshd.sh.sample. Rename that to sshd.sh
You've probably seen the various advisories that suggest taking the
ChallengeResponse line and changing it to no (and uncomment it as
well)
Lastly, until I renamed /usr/sbin/sshd, it kept giving me the old
version number--so, stop sshd, and rename /usr/sbin/sshd to something
else. Then, start the new one
/usr/local/sbin/sshd
This seems to work.
HTH
Scott Robbins
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Colin Faber: "Re: apache-worm.c"
- Previous message: FreeBSD user: "Re: Sshd fix"
- In reply to: Scott Gerhardt: "Sshd fix"
- Next in thread: Jack L. Stone: "Re: Sshd fix"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
