From: Scott Robbins
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Sshd fix
Date: Fri, 24 Sep 2004 15:50:59 -0000
X-Original-Date: Fri, 28 Jun 2002 21:11:38 -0500
Message-id: <20020629021138.GA3460@scott1.homeunix.net>

On Fri, Jun 28, 2002 at 06:52:40PM -0600, Scott Gerhardt wrote:
> For the sshd fix, couldn't I just strip the base openssh from the system and
> install the updated openssh-3.4 from the ports?
>
> If so, what is the best method to disable/eliminate openssh from the base
> system?

This is what I did, and it seems to work. (I'd be grateful if someone pointed out anything I did wrong. Part of it was gotten from a post by someone else, and the rest I figured out, for better or worse, on my own.)

cvsup ports to make sure you have 3.4. Make install.

Edit /etc/rc.conf
Change sshd_enable="YES" to a "NO"
add the line
sshd_program="/usr/local/sbin/sshd"

In /usr/local/etc/rc.d you'll find that it's put a script called sshd.sh.sample. Rename that to sshd.sh

You've probably seen the various advisories that suggest taking the ChallengeResponse line and changing it to no (and uncomment it as well)

Lastly, until I renamed /usr/sbin/sshd, it kept giving me the old version number--so, stop sshd, and rename /usr/sbin/sshd to something else. Then, start the new one

/usr/local/sbin/sshd

This seems to work.

HTH

Scott Robbins
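
Added example, not part of Scott Robbins's message: a POSIX sh audit of the steps described above (base sshd disabled, challenge-response switched off, old binary out of the way). It assumes the rc.conf knob is named sshd_enable, as in rc.conf(5), and that the advisory's line is ChallengeResponseAuthentication; the function names and the file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit the base-to-ports sshd switch. File paths are arguments.

# Print the effective value of KEY ($2) in an rc.conf-style file ($1).
# rc.conf is sourced as shell, so the last assignment wins.
rc_conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Succeed only if the first active ChallengeResponseAuthentication line in
# sshd_config ($1) is "no". sshd keeps the first value it reads for a keyword,
# and a line that is still commented out has no effect.
challenge_response_disabled() {
    first=$(awk 'tolower($1) == "challengeresponseauthentication" { print $2; exit }' "$1" 2>/dev/null)
    [ "$first" = "no" ]
}

# Usage: audit_sshd_switch RC_CONF SSHD_CONFIG BASE_SSHD
# Prints one line per finding and returns the number of findings.
audit_sshd_switch() {
    rcconf=$1 sshdconf=$2 base_sshd=$3 problems=0
    case $(rc_conf_value "$rcconf" sshd_enable) in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            echo "FAIL: sshd_enable is still on in $rcconf"
            problems=$((problems + 1)) ;;
    esac
    if [ "$(rc_conf_value "$rcconf" sshd_program)" = "$base_sshd" ]; then
        echo "FAIL: sshd_program points at the base binary $base_sshd"
        problems=$((problems + 1))
    fi
    if ! challenge_response_disabled "$sshdconf"; then
        echo "FAIL: no active 'ChallengeResponseAuthentication no' in $sshdconf"
        problems=$((problems + 1))
    fi
    if [ -x "$base_sshd" ]; then
        echo "FAIL: $base_sshd is still executable (old version can be started)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run only when called with the three paths, e.g. as root on the host:
#   sh audit.sh /etc/rc.conf /path/to/ports/sshd_config /usr/sbin/sshd
if [ "$#" -eq 3 ]; then
    audit_sshd_switch "$@"
fi
```

An exit status of 0 means none of the four checks fired; a non-zero status is the number of findings printed.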