Re: OpenSSH on Debian

From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 05/25/02


From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net>
Date: Sat, 25 May 2002 03:02:42 GMT


"Jan-Hendrik Palic" <palic@billgotchy.de> wrote in message
news:slrnaesp9n.ra4.palic@gromitt.billgotchy.de...
> hi Marc
>
> In article <1022257560.371638@news.kkf.net>, Marc Schönberg wrote:
> > I was trying to install the latest version of OpenSSH on a Debian box
for
> > security reasons. Unfortunately I am not familiar with this
distribution.
> > The INSTALL file in th OpenSSH source directory tells me to pass on the
> > location of the rsh file to the configure script. Well, I don't know
where
> > it is located in Debian, even a find command could not tell me.
>
> What debian version do you use? If you using potato, I will advice yiou
> to upgrade to woody.
>
> In woody, there is ssh 3.0.2p1-9 included:

Which suffers from a local root exploit, unless the Debian maintainers have
patched the base OpenSSH code.

It's possible not to install rsh: I rip it out of every system I can, and
rebuild RPM's to use "--without-rsh" and eliminate the dependency.