Date: Sun, 30 Jun 2002 01:45:13 +0100
From: Scott Mitchell
To: "Jack L. Stone"
Cc: Scott Robbins, FreeBSD user, Scott Gerhardt, FreeBSD, freebsd-security@FreeBSD.ORG
Subject: Re: Sshd fix
X-Operating-System: FreeBSD 4.6-STABLE i386

On Sat, Jun 29, 2002 at 07:25:08PM -0500, Jack L. Stone wrote:
> At 07:47 PM 6.29.2002 -0500, Scott Robbins wrote:
> >On Sat, Jun 29, 2002 at 05:35:50PM -0500, Jack L. Stone wrote:
> >> At 07:07 PM 6.28.2002 -0600, FreeBSD user wrote:
> >> >cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE
> >> install distclean
> >> >
> >> I just ran this on a test box and the sshd version shows no change... I saw
> >> it compile and install, but #sshd -V gives old version #...
> >>
> >> What did I do wrong here...??

Don't know if this part has already been answered... anyway, you need to
kill the old sshd and start your new one:

    # kill `cat /var/run/sshd.pid`
    ...compare the ssh_config and sshd_config files in /etc/ssh with the -dist
    versions installed by the port...make any appropriate config changes
    # /usr/sbin/sshd

If that whines about any problems with the config files, fix those and try
again. Repeat until it works.

'sshd -V' should tell you 3.4p1, provided /usr/sbin is on your path and you
don't have any other ssh installed... are you sure you don't have one
lurking in /usr/local?

> This is what worries me too. I deinstalled the ssh port right afterwards,
> but I'm wondering what else is changed. I noticed it updated the
> openssl-0.9.6a to 0.9.6d that I didn't expect. The /var/db/pkg shows that
> "d" version installed.
>
> I'm running SSL on that machine and it still says 0.9.6.a when I load
> Apache_modssl and OpenSSH, etc. But, NOW, I'm really worried that I shot
> myself in the foot and this is waiting to bite me later.
>
> If anyone knows the answer to what Scott said about the next make world
> clobbering things, please let me know....

Just set NO_OPENSSH=true in /etc/make.conf. Then buildworld/installworld
will just ignore OpenSSH entirely. I actually also added
OPENSSH_OVERWRITE_BASE=true to make.conf, since I'll probably forget to use
it if I need to update the port before OpenSSH 3 makes it into -STABLE.

HTH,

Scott (the other one :-)

--
===========================================================================
Scott Mitchell          | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England      | 0x54B171B9 |  don't get sucked into jet engines"
scott.mitchell@mail.com | 0xAA775B8B |      -- Anon
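
The checks this message walks through (a second sshd lurking under /usr/local, differences between the live config and the port's -dist file, and the NO_OPENSSH line in make.conf), as an added shell example that is not part of the original message. The function names and the sample tree are constructed for illustration, and /usr/local/sbin as the location of a ports-installed sshd is an assumption.

```shell
#!/bin/sh
# Added example: the thread's post-upgrade checks. Each takes a root prefix
# ("" for the live system) so it can be tried on a constructed tree.

# Every executable sshd in the base and (assumed) ports sbin directories.
# More than one line of output means a second copy is lurking.
find_sshd_copies() {
    for dir in /usr/sbin /usr/local/sbin; do
        if [ -x "$1$dir/sshd" ]; then echo "$dir/sshd"; fi
    done
}

# Active settings of a config file: comments and blank lines dropped, sorted.
active_settings() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | sort
}

# Settings that differ between /etc/ssh/<name> and the port's <name>-dist.
config_drift() {
    tmp=$(mktemp -d) || return 2
    active_settings "$1/etc/ssh/$2" > "$tmp/live"
    active_settings "$1/etc/ssh/$2-dist" > "$tmp/dist"
    comm -23 "$tmp/live" "$tmp/dist" | sed 's/^/live only: /'
    comm -13 "$tmp/live" "$tmp/dist" | sed 's/^/dist only: /'
    rm -rf "$tmp"
}

# Succeeds if make.conf defines NO_OPENSSH, the knob named in the reply.
world_skips_openssh() {
    grep -Eq '^[[:space:]]*NO_OPENSSH[[:space:]]*=' "$1/etc/make.conf" 2>/dev/null
}

# Constructed sample tree (not from the thread): two sshd copies, one
# changed setting, and no NO_OPENSSH line yet.
make_sample_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/usr/sbin" "$t/usr/local/sbin" "$t/etc/ssh"
    for b in usr/sbin usr/local/sbin; do : > "$t/$b/sshd"; chmod +x "$t/$b/sshd"; done
    printf '# old config\nProtocol 1,2\nPermitRootLogin no\n' > "$t/etc/ssh/sshd_config"
    printf '#Port 22\nProtocol 2\nPermitRootLogin no\n' > "$t/etc/ssh/sshd_config-dist"
    printf 'CFLAGS= -O -pipe\n' > "$t/etc/make.conf"
    echo "$t"
}

root=$(make_sample_tree)
find_sshd_copies "$root"
config_drift "$root" sshd_config
world_skips_openssh "$root" || echo "NO_OPENSSH not set in make.conf"
rm -rf "$root"
```

On a live system, pass an empty string as the root prefix, for example `find_sshd_copies ""`.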