From: Steven M. Bellovin (smbresearch.att.com)
Date: Tue Dec 04 2001 - 10:54:52 CST

    In message <p05101011b832abe364e3[165.227.249.20]>, Paul Hoffman writes:
    >Greetings again. I'm running a stock 1.5.1 (not using -current). My
    >sshd reports itself as:
    >
    >sshd version OpenSSH_2.5.1 NetBSD_Secure_Shell-20010219
    >
    >So, here's a bunch of questions.
    >
    >How do I upgrade it to the latest version that has the security bug
    >fixes in it? The current version seems to be 3.0.2, so I don't
    >imagine that I can do a simple patch in /usr/src.
    >
    >If the answer is "use pkgsrc", how do I make sure that I use the
    >pkgsrc version instead of the distributed version? My packages build
    >into /usr/pkg. Would I change the /etc/rc.d/sshd directly? If so,
    >won't that change get wiped out when I upgrade NetBSD?
    >
    >Also, if I do change /etc/rc.d/sshd, I assume that I have to change
    >it in four places (because I want to use the pkgsrc ssh-keygen as
    >well). Is that correct?
    >
    I just grabbed the portable version of openssh, and built it to install
    in /usr/openssh. I then changed "command" in /etc/rc.d/sshd to point
    to /usr/openssh/sbin/sshd. I didn't worry about keygen, since all of
    my hosts already have keys. I did copy /etc/ssh* to /usr/openssh/etc,
    but beware -- the config files are ssh_config and sshd_config, rather
    than the ssh.conf and sshd.conf that 1.5.2 uses. And you can't just
    rename them; the options are slightly changed.

    For user purposes, I just prepended /usr/openssh/bin to my $PATH.

    All this isn't ideal, but it let me isolate the new stuff until there's
    an official fix. I'm hoping that that will happen while I still
    remember what I did...

                    --Steve Bellovin, http://www.research.att.com/~smb
                    Full text of "Firewalls" book now at http://www.wilyhacker.com
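
The following shell check is an added example, not part of the original message. It verifies the three things the side-by-side install above depends on: the `command` line in the rc.d script, the order of `$PATH`, and the config file names under the new prefix. The function names are hypothetical, and the rc.d script is assumed to set `command=` on a line of its own.

```shell
#!/bin/sh
# Added example: check that a side-by-side OpenSSH install is the one in use.
# Function names are hypothetical; paths follow the message above.

# Print the command= value from an rc.d script (literal text, variables not expanded).
rc_command() {
    sed -n 's/^command=//p' "$1" | head -n 1 | tr -d "\"'"
}

# True if the rc.d script starts sshd from PREFIX/sbin.
rc_uses_prefix() {            # rc_uses_prefix RCFILE PREFIX
    [ "$(rc_command "$1")" = "$2/sbin/sshd" ]
}

# True if the first directory in PATHVAR holding an executable ssh is PREFIX/bin.
path_prefers_prefix() {       # path_prefers_prefix PATHVAR PREFIX
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -x "$dir/ssh" ]; then
            IFS=$old_ifs
            if [ "$dir" = "$2/bin" ]; then return 0; else return 1; fi
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print old-style config names (ssh.conf, sshd.conf) found in PREFIX/etc.
stale_config_names() {        # stale_config_names PREFIX
    for f in ssh.conf sshd.conf; do
        if [ -e "$1/etc/$f" ]; then echo "$f"; fi
    done
}

# Report every problem found; succeed only if there are none.
audit_side_install() {        # audit_side_install RCFILE PREFIX PATHVAR
    problems=0
    rc_uses_prefix "$1" "$2" ||
        { echo "rc.d starts '$(rc_command "$1")', not $2/sbin/sshd"; problems=$((problems + 1)); }
    path_prefers_prefix "$3" "$2" ||
        { echo "PATH does not resolve ssh to $2/bin first"; problems=$((problems + 1)); }
    for name in $(stale_config_names "$2"); do
        echo "old-style config name in $2/etc: $name"; problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh check.sh /etc/rc.d/sshd /usr/openssh
if [ $# -ge 2 ]; then audit_side_install "$1" "$2" "$PATH"; fi
```

Running it again after a system upgrade shows whether the rc.d edit is still in place, which is the concern raised in the quoted question.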