From owner-freebsd-questions@FreeBSD.ORG Thu Jun 3 11:27:48 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DA0C16A4CE for ; Thu, 3 Jun 2004 11:27:48 -0700 (PDT) Received: from mail.x9media.com (mail.x9media.com [81.209.147.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4080A43D2F for ; Thu, 3 Jun 2004 11:27:47 -0700 (PDT) (envelope-from thomas.may@x9media.com) X-AuthUser: thomas.may@x9media.com Received: from PC01 (217.82.19.130:12524) by mail.x9media.com with [XMail 1.19 (FreeBSD/Ix86) ESMTP Server] ; Thu, 3 Jun 2004 20:37:25 +0200 From: "Thomas May" To: Date: Thu, 3 Jun 2004 20:27:41 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcRJlX7UZuLjxzWiTi6xYqVqltY5cgAAhRcg X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 In-Reply-To: <44fz9cy18x.fsf@be-well.ilk.org> Message-Id: <20040603182747.4080A43D2F@mx1.FreeBSD.org> Subject: AW: openssh/ssl update probleme X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2004 18:27:48 -0000 Ok, I found a solution. As I told with the 5.2.1 freebsd isoimage, openssh 3.6.1p1 and openssl = 0.97c has been installed. (old versions on cd) I just install the openssh-portable port (the openssh port is the old = one), and the new version are installed. But the new sshd is not in /usr/sbin, it is in /usr/local/sbin I renamed /usr/sbin/sshd into ssh.old, I comment out in /etc/rc.conf the Sshd_enable line, and start it from /usr/local/etc/rc.d Now nessus don=92t show me any hole and I get with sshd -V the correct version. Iam using freebsd since 2 years ... thomas -----Urspr=FCngliche Nachricht----- Von: lowell@be-well.ilk.org [mailto:lowell@be-well.ilk.org] Im Auftrag = von Lowell Gilbert Gesendet: Donnerstag, 3. Juni 2004 18:56 An: Thomas May Cc: freebsd-questions@FreeBSD.org Betreff: Re: openssh/ssl update probleme "Thomas May" writes: > i have installed freebsd 5.2.1 from the iso image. Openssh 3.6.1p1 and > openssl 0.97c has been installed. Right. > Because they have holes I want to install the newest ones. All of the known holes were patched at the time of release. There are FreeBSD-specific additions to the version banner in order to differentiate it from the original OpenSSH releases in which the security issues existed. To the best of my knowledge, no new security issues have come up in either openssh or openssl since FreeBSD 5.2.1 was released. In other words, you probably do *not* have any security holes in either one. > If I install the openssl port or the openssh port, the update doesn't work. That isn't specific enough for me to help you with. > I also try the openssh-portable port with the new version, but it also shows > me the old version. It sounds as though /usr/bin comes before /usr/local/bin on your path, so if you just type "ssh" you will get the old version. Try "/usr/local/bin/ssh -V" and you will probably see the version number for the ssh installed from ports. Since you apparently aren't acquainted with the idea of a search path, you probably should start by getting up to speed on Unix before trying to deal with security topics; you are likely to make things worse rather than better. An excellent starting place is http://www.freebsd.org/projects/newbies.html#fbsd particularly the "For People New to Both FreeBSD and Unix" tutorial. Good luck. --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 =20 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004 =20