Re: Sshd fix
From: Scott Mitchell (scott.mitchell@mail.com)
Date: 06/30/02
Date: Sun, 30 Jun 2002 01:45:13 +0100
From: Scott Mitchell <scott.mitchell@mail.com>
To: "Jack L. Stone" <jackstone@sage-one.net>

On Sat, Jun 29, 2002 at 07:25:08PM -0500, Jack L. Stone wrote:
> At 07:47 PM 6.29.2002 -0500, Scott Robbins wrote:
> >On Sat, Jun 29, 2002 at 05:35:50PM -0500, Jack L. Stone wrote:
> >> At 07:07 PM 6.28.2002 -0600, FreeBSD user wrote:
> >> >cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE install distclean
> >> >
> >> I just ran this on a test box and the sshd version shows no change... I saw
> >> it compile and install, but #sshd -V gives old version #...
> >>
> >> What did I do wrong here...??

Don't know if this part has already been answered... anyway, you need to
kill the old sshd and start your new one:

    # kill `cat /var/run/sshd.pid`

...compare the ssh_config and sshd_config files in /etc/ssh with the -dist
versions installed by the port...make any appropriate config changes

    # /usr/sbin/sshd

If that whines about any problems with the config files, fix those and try
again. Repeat until it works.

'sshd -V' should tell you 3.4p1, provided /usr/sbin is on your path and you
don't have any other ssh installed... are you sure you don't have one
lurking in /usr/local?

> This is what worries me too. I deinstalled the ssh port right afterwards,
> but I'm wondering what else is changed. I noticed it updated the
> openssl-0.9.6a to 0.9.6d that I didn't expect. The /var/db/pkg shows that
> "d" version installed.
>
> I'm running SSL on that machine and it still says 0.9.6.a when I load
> Apache_modssl and OpenSSH, etc. But, NOW, I'm really worried that I shot
> myself in the foot and this is waiting to bite me later.
>
> If anyone knows the answer to what Scott said about the next make world
> clobbering things, please let me know....

Just set NO_OPENSSH=true in /etc/make.conf. Then buildworld/installworld
will just ignore OpenSSH entirely.

I actually also added OPENSSH_OVERWRITE_BASE=true to make.conf, since I'll
probably forget to use it if I need to update the port before OpenSSH 3
makes it into -STABLE.

HTH,

Scott (the other one :-)

--
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
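
The checks described in the message above (old daemon still running, a second sshd elsewhere, configs that differ from the -dist copies, the two make.conf knobs), collected as an added shell example that is not part of the original post. The root-prefix argument, the directory list, the `<name>-dist` file naming and the use of the pid file's mtime as the daemon's start time are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Each function takes a
# hypothetical root prefix so the checks can run against a test tree;
# pass "" on a live system.

# List every executable sshd in the usual directories (directory list is an
# assumption). More than one hit means an older copy may still be first on PATH.
find_sshd_binaries() {
    for dir in /usr/sbin /usr/local/sbin /usr/bin /usr/local/bin; do
        if [ -x "$1$dir/sshd" ]; then echo "$dir/sshd"; fi
    done
}

# Succeed when /usr/sbin/sshd is newer than the pid file: the daemon was
# started before the install and still needs the kill/start cycle.
# Assumes the pid file's mtime is the daemon's start time.
daemon_predates_binary() {
    pid="$1/var/run/sshd.pid"; bin="$1/usr/sbin/sshd"
    [ -f "$pid" ] && [ -f "$bin" ] || return 1
    [ -n "$(find "$bin" -newer "$pid")" ]
}

# Name each live config that differs from its -dist copy (assumed to sit
# beside it as <name>-dist) and so needs a manual compare.
configs_differing_from_dist() {
    for name in ssh_config sshd_config; do
        live="$1/etc/ssh/$name"
        [ -f "$live" ] && [ -f "$live-dist" ] || continue
        cmp -s "$live" "$live-dist" || echo "$name"
    done
}

# Name the make.conf knobs from the message that are not set.
missing_make_conf_knobs() {
    for knob in NO_OPENSSH OPENSSH_OVERWRITE_BASE; do
        grep -q "^[[:space:]]*$knob=" "$1/etc/make.conf" 2>/dev/null || echo "$knob"
    done
}

# Print one line per finding.
post_upgrade_report() {
    find_sshd_binaries "$1" | sed 's/^/sshd binary: /'
    if daemon_predates_binary "$1"; then echo "running sshd predates /usr/sbin/sshd: restart it"; fi
    configs_differing_from_dist "$1" | sed 's/^/differs from -dist: /'
    missing_make_conf_knobs "$1" | sed 's/^/not set in make.conf: /'
}
```

On a live system, source the file and run `post_upgrade_report ""`; no output means none of the four conditions was found.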