From: Steven M. Bellovin (smbresearch.att.com)
Date: Tue Dec 04 2001 - 10:54:52 CST
In message <p05101011b832abe364e3[188.8.131.52]>, Paul Hoffman writes:
>Greetings again. I'm running a stock 1.5.1 (not using -current). My
>sshd reports itself as:
>sshd version OpenSSH_2.5.1 NetBSD_Secure_Shell-20010219
>So, here's a bunch of questions.
>How do I upgrade it to the latest version that has the security bug
>fixes in it? The current version seems to be 3.0.2, so I don't
>imagine that I can do a simple patch in /usr/src.
>If the answer is "use pkgsrc", how do I make sure that I use the
>pkgsrc version instead of the distributed version? My packages build
>into /usr/pkg. Would I change the /etc/rc.d/sshd directly? If so,
>won't that change get wiped out when I upgrade NetBSD?
>Also, if I do change /etc/rc.d/sshd, I assume that I have to change
>it in four places (because I want to use the pkgsrc ssh-keygen as
>well). Is that correct?
I just grabbed the portable version of openssh, and built it to install
in /usr/openssh. I then changed "command" in /etc/rc.d/sshd to point
to /usr/openssh/sbin/sshd. I didn't worry about keygen, since all of
my hosts already have keys. I did copy /etc/ssh* to /usr/openssh/etc,
but beware -- the config files are ssh_config and sshd_config, rather
than the ssh.conf and sshd.conf that 1.5.2 uses. And you can't just
rename them; the options are slightly changed.
For user purposes, I just prepended /usr/openssh/bin to my $PATH.
All this isn't ideal, but it let me isolate the new stuff until there's
an official fix. I'm hoping that that will happen while I still
remember what I did...
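
An added example, not part of the original message: after repointing "command" in /etc/rc.d/sshd as described above, a check that the daemon the rc script starts is the new build rather than the stock one. The function names, the sample rc.d text and the 3.0.2 threshold (the version named in the question) are assumptions; the banner is passed in as text, in the format quoted in the question.

```shell
#!/bin/sh
# Constructed sample inputs; the banner format is the one quoted in the question.
SAMPLE_BANNER='sshd version OpenSSH_2.5.1 NetBSD_Secure_Shell-20010219'
SAMPLE_RC='name="sshd"
command="/usr/openssh/sbin/sshd"
pidfile="/var/run/sshd.pid"'

# Extract the dotted version from a banner containing "OpenSSH_x.y[.z]".
banner_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2, comparing field by field numerically.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the value of the first command= line in rc.d script text on stdin.
# Limitation: variables such as ${name} are not expanded.
rc_command() {
    sed -n 's/^command="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | head -n 1
}

# $1 = rc.d script text, $2 = banner of that binary, $3 = minimum version.
# Prints "<path> <version> ok|outdated"; returns 0, 1 (outdated) or 2 (unparsed).
check_sshd() {
    cmd=$(printf '%s\n' "$1" | rc_command)
    ver=$(banner_version "$2")
    if [ -z "$cmd" ] || [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if version_ge "$ver" "$3"; then
        echo "$cmd $ver ok"
    else
        echo "$cmd $ver outdated"; return 1
    fi
}

# Demo: the rc script points at the new tree, but the banner is the stock one.
check_sshd "$SAMPLE_RC" "$SAMPLE_BANNER" 3.0.2 || true
```

On a real host, pass the contents of /etc/rc.d/sshd as the first argument and the version banner printed by the binary it names as the second.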