Date: Mon, 1 Jul 2002 13:34:26 -0700 From: "Philip J. Koenig" <pjklist@ekahuna.com> To: security@FreeBSD.ORG Subject: Re: security-digest V5 #572 Message-ID: <20020701203426516.AAA817@empty1.ekahuna.com@pc02.ekahuna.com> In-Reply-To: <bulk.74845.20020701065726@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, Jun 29, 2002 at 07:25:08PM -0500, Jack L. Stone wrote: > > At 07:47 PM 6.29.2002 -0500, Scott Robbins wrote: > > >On Sat, Jun 29, 2002 at 05:35:50PM -0500, Jack L. Stone wrote: > > >> At 07:07 PM 6.28.2002 -0600, FreeBSD user wrote: > > >> >cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE > > >> install distclean > > >> > > > >> I just ran this on a test box and the sshd version shows no change... I saw > > >> it compile and install, but #sshd -V gives old version #... > > >> > > >> What did I do wrong here...?? > > > > > >BTW after the other Scott's post, I tried it his way--leaving out > > >sshd_enable and sshd_program. Worked quite well--also, one reason I > > >haven't done the overwrite option--as Jonathan said, won't that get > > >clobbered next time you do make world? > > > > > >Interestingly enough, pkg-message suggests doing this--leaving > > >sshd_enable at YES, adding sshd_program and then editing the path, (I > > >assume root's) so that /usr/local/sbin comes before /usr/sbin. > > >However, I've found the lazy man's way, which seems to be efficient as > > >well, to be a combination of Jonathan's and the other Scott's. > > > > > >I realize this is not exactly what Jack is asking, but I'm wondering > > >too--if one does the OVERWRITE, won't it get clobbered upon the next > > >make world? > > > > > >Thanks > > >Scott Robbins > > >> > > This is what worries me too. I deinstalled the ssh port right afterwards, > > but I'm wondering what else is changed. I noticed it updated the > > openssl-0.9.6a to 0.9.6d that I didn't expect. The /var/db/pkg shows that > > "d" version installed. In my case I had installed the "openssh-overwrite-base-3.3p1_1 thing that was made just prior to 3.4 coming out. Then when I found out that our 2.9 was not affected, I just let it overwrite again when I rebuilt (to fix the libc thing) until (as suggested by someone here) I wait until 3.4 gets integrated into the base system. Then I accidentally ran portupgrade with the '*' wildcard [sigh], and when it got to that port it "upgraded" it to openssh-portable... BUT, instead of just nicely installing itself in /usr/local, it REMOVED the existing version 2.9 files, at the same time it did NOT update rc.conf with the new path, so basically left the sshd daemon nonfunctional which I had to fix. Worse yet, I can't get the ssh client to connect to another box, it says "DSA host key..not in list of known hosts", I tried copying the ssh_config to /usr/local/etc/ssh but that didn't help. (it *appears* to be set to look in the right place for the host keys (~/.ssh) but just not finding them) Rather than offering to import the key, it starts giving me an S/key prompt, which I've never seen before. -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020701203426516.AAA817>