Date: Sun, 26 Feb 2006 23:32:34 +0000 From: Chris <chrcoluk@gmail.com> To: "=?ISO-8859-1?Q?Erik_N=F8rgaard?=" <norgaard@locolomo.org> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, "Daniel A." <ldrada@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Updating OpenSSH Message-ID: <3aaaa3a0602261532y5993b682o@mail.gmail.com> In-Reply-To: <440196B2.605@locolomo.org> References: <5ceb5d550602251625s59a07426va95de19bb48cb969@mail.gmail.com> <20060226022316.GA56261@flame.pc> <5ceb5d550602251832ub56fe77j9e0936121de5b02a@mail.gmail.com> <440196B2.605@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26/02/06, Erik N=F8rgaard <norgaard@locolomo.org> wrote: > > Daniel A. wrote: > > So, basically, if I want the newest version of OpenSSH running on my > > system, I have to not use the one shipped with 6.0-RELEASE, and > > install OpenSSH from ports? > > Please don't toppost. > > Installing from ports you'll get version 3.6.1. Before you get paranoid, > check the changelog - are there any changes that you actually need? do > they provide increased security? > > Cheers, Erik > > -- > Ph: +34.666334818 web: http://www.locolomo.org > S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt > Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 > Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 > _______________________________________________ I use the openssh-portable there is one change regarding compression that fixes a security problem that wasnt ported over to the security branch and another security flaw which I believe made it to a security list but I cannot remember which one. Again this didnt make the security branch. I also think its a good idea to keep upto date incase they patch up unpublished vulnerabilities that they keep private. Regarding stopping users running base version there are a few ways to do it ranging from deleting the base binaries and disabling it in make.conf so doesnt get rebuilt on a buildworld to making sure /usr/local/bin comes before the /usr/bin in path so when ssh is typed the portable version is ran. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3aaaa3a0602261532y5993b682o>