From owner-freebsd-security Wed Nov 28 14:27:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id E452037B416
	for ; Wed, 28 Nov 2001 14:27:09 -0800 (PST)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id PAA24041;
	Wed, 28 Nov 2001 15:26:50 -0700 (MST)
Message-Id: <4.3.2.7.2.20011128151923.041d0710@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 28 Nov 2001 15:26:40 -0700
To: "Jay Keller" , freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: Re: Updating ssh
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

At 03:07 PM 11/28/2001, Jay Keller wrote:

>I'm trying to update the ssh that is part of the base of 4.4. The latest
>version (after updating using cvs RELENG_4) is openssh-2.9 shown with
>/usr/bin/ssh -V. Openssh 3.0.x is available via ports or packages and is
>set to be installed to /usr/local/whatever. What is the correct way to
>update ssh? Do I go through and delete all of the original ssh files in
>/usr/bin, /etc, the man pages, and so on and then just install the
>version 3x package? Or should I use the port and somehow change the
>install dir to something to match the original or just use /usr/local?

This reflects a common problem in FreeBSD. When you install a port or
compile a newer version of an application which is included in the base
install, it usually goes into /usr/local, so the system keeps on using the
old version (which is ahead of the newer one in the path). What's more,
the configuration files are often required to be in different places.
FreeBSD uses /etc/ssh for SSH configuration files, while by default OpenSSH
dumps them into /usr/local/etc.

When I recently upgraded SSH on a few systems, it was a painful process
that took a LOT of manual editing. To keep the original host keys, I had
to delete the new keys generated by the install. I symlinked the files back
into /etc/ssh and also added a -f command line argument for SSH to rc.conf,
just for good measure. I also deleted the old SSH utilities from /usr/bin
and replaced them with symlinks leading to /usr/local/bin.

Upgrading Perl or Sendmail is equally painful. (I recently had to build a
threaded version of Perl.... Not hard to build, but a MESS to get installed.)

Perhaps FreeBSD should put these things in /usr/local from the get-go?

--Brett
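
The path-ordering problem described in the message above, as an added example that is not part of the original post: a POSIX sh check that lists every copy of a command along the search path and reports when the copy found first hides a different one, while treating a symlink to the same file (the /usr/bin to /usr/local/bin arrangement mentioned above) as a single copy. The function names `find_copies` and `shadow_report` are hypothetical.

```sh
#!/bin/sh
# Added example: detect an older binary shadowing a newer one on the path.

# find_copies CMD [PATHLIST]
# Print every executable named CMD in PATHLIST (default: $PATH),
# one per line, in the order the shell searches.
find_copies() {
    cmd=$1
    pathlist=${2:-$PATH}
    old_ifs=$IFS
    IFS=:
    for dir in $pathlist; do
        [ -n "$dir" ] || dir=.   # empty element means current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
    IFS=$old_ifs
}

# shadow_report CMD [PATHLIST]
# Returns 0 if one distinct copy exists, 1 if the first copy hides
# a different file later on the path, 2 if CMD is not found at all.
shadow_report() {
    copies=$(find_copies "$1" "${2:-$PATH}")
    if [ -z "$copies" ]; then
        echo "missing: $1"
        return 2
    fi
    winner=$(printf '%s\n' "$copies" | head -n 1)
    hidden=0
    # A here-document keeps the loop in this shell so $hidden survives.
    while IFS= read -r other; do
        [ "$other" = "$winner" ] && continue
        # A symlink to the winner, or a repeated path entry, is the same file.
        [ "$other" -ef "$winner" ] && continue
        echo "shadowed: $winner hides $other"
        hidden=1
    done <<EOF
$copies
EOF
    [ "$hidden" -eq 0 ] && echo "ok: $winner"
    return "$hidden"
}

# Stand-alone use: sh thisfile ssh
if [ "$#" -gt 0 ]; then shadow_report "$@"; fi
```

Running it for `ssh`, `perl` and `sendmail` after a port install shows whether the base-system copy still wins the lookup.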