From owner-freebsd-questions Mon Jul 1 6:50:36 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E7E6237B400 for ; Mon, 1 Jul 2002 06:50:29 -0700 (PDT) Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by mx1.FreeBSD.org (Postfix) with SMTP id AB01143E1D for ; Mon, 1 Jul 2002 06:50:28 -0700 (PDT) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 29874 invoked by uid 1001); 1 Jul 2002 13:50:22 -0000 Date: Mon, 1 Jul 2002 09:50:22 -0400 From: "Peter C. Lai" To: "Jack L. Stone" Cc: Scott Robbins , FreeBSD user , Scott Gerhardt , FreeBSD , freebsd-security@FreeBSD.ORG Subject: Re: Sshd fix Message-ID: <20020701095022.A20329@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <3.0.5.32.20020629173550.0117cc50@mail.sage-one.net> <3.0.5.32.20020629173550.0117cc50@mail.sage-one.net> <20020630004754.GA2600@scott1.homeunix.net> <3.0.5.32.20020629192508.0117cc50@mail.sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3.0.5.32.20020629192508.0117cc50@mail.sage-one.net>; from jackstone@sage-one.net on Sat, Jun 29, 2002 at 07:25:08PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Jun 29, 2002 at 07:25:08PM -0500, Jack L. Stone wrote: > At 07:47 PM 6.29.2002 -0500, Scott Robbins wrote: > >On Sat, Jun 29, 2002 at 05:35:50PM -0500, Jack L. Stone wrote: > >> At 07:07 PM 6.28.2002 -0600, FreeBSD user wrote: > >> >cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE > >> install distclean > >> > > >> I just ran this on a test box and the sshd version shows no change... I saw > >> it compile and install, but #sshd -V gives old version #... > >> > >> What did I do wrong here...?? > > > >BTW after the other Scott's post, I tried it his way--leaving out > >sshd_enable and sshd_program. Worked quite well--also, one reason I > >haven't done the overwrite option--as Jonathan said, won't that get > >clobbered next time you do make world? > > > >Interestingly enough, pkg-message suggests doing this--leaving > >sshd_enable at YES, adding sshd_program and then editing the path, (I > >assume root's) so that /usr/local/sbin comes before /usr/sbin. > >However, I've found the lazy man's way, which seems to be efficient as > >well, to be a combination of Jonathan's and the other Scott's. > > > >I realize this is not exactly what Jack is asking, but I'm wondering > >too--if one does the OVERWRITE, won't it get clobbered upon the next > >make world? > > > >Thanks > >Scott Robbins > >> > This is what worries me too. I deinstalled the ssh port right afterwards, > but I'm wondering what else is changed. I noticed it updated the > openssl-0.9.6a to 0.9.6d that I didn't expect. The /var/db/pkg shows that > "d" version installed. > > I'm running SSL on that machine and it still says 0.9.6.a when I load > Apache_modssl and OpenSSH, etc. But, NOW, I'm really worried that I shot > myself in the foot and this is waiting to bite me later. ssl for apache (both apache13-modssl and apache13-ssl) statically links openssl. If you want to upgrade your modssl to use the new openssl, you should recompile and reinstall it. > > If anyone knows the answer to what Scott said about the next make world > clobbering things, please let me know.... > > Best regards, > Jack L. Stone, > Administrator > > SageOne Net > http://www.sage-one.net > jackstone@sage-one.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message