Date: Wed, 28 Nov 2001 14:26:16 -0800 From: Dairy Wall Limey <william@hq.newdream.net> To: freebsd-security@FreeBSD.ORG Subject: Re: Updating ssh Message-ID: <20011128142616.T2779@hq.newdream.net> In-Reply-To: <20011128141508.A67199@techometer.net> References: <F49Gmjm08IyFrydlb9r0001c375@hotmail.com> <20011128141508.A67199@techometer.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Erick Mechler wrote:
> Install the port into /usr/local as you normally would (make sure
> LOCALBASE is set to /usr/local), and then edit /etc/rc.conf such that
> sshd_enable="YES"
> sshd_program="/usr/local/sbin/sshd"
> You should probably also set sshd_flags to use the desired host key
> (most likely in /etc/ssh). This may not be necesary; I'm not entirely
> sure.
>
> If you were to install the port over the BOS version of OpenSSH, you'd
> just end up blowing it away the next time you did a system upgrade.
you could always put:
NO_OPENSSH= true
in /etc/make.conf
i do this for bind and sendmail since i use postfix (shouldn't matter
if you use 'make replace' from the postfix port), but i've removed the
main binaries for bind by hand as i don't really want to put
/usr/local/{sbin|bin} ahead of /usr/{sbin|bin} in my $path and $PATH.
i do wish that there were a way to cleanly remove stuff from the base
os... presumably it could be bad in some cases to leave an older (and
possibly exploitable) version of something on the system. at best it's
unnecessary.
w
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011128142616.T2779>