Re: OpenSSH on Debian

From: Nico Kadel-Garcia (
Date: 05/25/02

From: "Nico Kadel-Garcia" <>
Date: Sat, 25 May 2002 03:02:42 GMT

"Jan-Hendrik Palic" <> wrote in message
> hi Marc
> In article <>, Marc Schönberg wrote:
> > I was trying to install the latest version of OpenSSH on a Debian box
> > security reasons. Unfortunately I am not familiar with this
> > The INSTALL file in th OpenSSH source directory tells me to pass on the
> > location of the rsh file to the configure script. Well, I don't know
> > it is located in Debian, even a find command could not tell me.
> What debian version do you use? If you using potato, I will advice yiou
> to upgrade to woody.
> In woody, there is ssh 3.0.2p1-9 included:

Which suffers from a local root exploit, unless the Debian maintainers have
patched the base OpenSSH code.

It's possible not to install rsh: I rip it out of every system I can, and
rebuild RPM's to use "--without-rsh" and eliminate the dependency.