From owner-freebsd-current@FreeBSD.ORG  Wed Apr 23 17:49:51 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AEDC037B401
	for <freebsd-current@freebsd.org>;
	Wed, 23 Apr 2003 17:49:51 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AD3B043FD7
	for <freebsd-current@freebsd.org>;
	Wed, 23 Apr 2003 17:49:50 -0700 (PDT)	(envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id CD8575308; Thu, 24 Apr 2003 02:49:48 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Adam <blueeskimo@gmx.net>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: Thu, 24 Apr 2003 02:49:47 +0200
In-Reply-To: <1051119796.38751.30.camel@jake> (Adam's message of "23 Apr
 2003 13:43:17 -0400")
Message-ID: <xzpadegen2s.fsf@flood.ping.uio.no>
User-Agent: Gnus/5.090015 (Oort Gnus v0.15) Emacs/21.2
References: <xzpsms9w2ao.fsf@flood.ping.uio.no>
	<1051119796.38751.30.camel@jake>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: freebsd-current@freebsd.org
Subject: Re: HEADS UP: OpenSSH upgrade
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2003 00:49:52 -0000

Adam <blueeskimo@gmx.net> writes:
> On Wed, 2003-04-23 at 13:29, Dag-Erling Smorgrav wrote:
> > I've just upgraded OpenSSH to 3.6.1p1.  Please exercise due care when
> > upgrading, 
> Can you elaborate? IIRC, updating OpenSSH last time was a no-brainer.
> What precautions should be taken?

There is always a certain amount of risk, mostly because the number of
combinations and variations supported by OpenSSH + PAM are far beyond
my ability to test exhaustively (or do more than just scratch the
surface).  Standard precautions include not upgrading remote systems
unless you can accept a slight chance that you will be locked out when
it reboots (if something went wrong with sshd).

DES
-- 
Dag-Erling Smorgrav - des@ofug.org