From owner-freebsd-questions@FreeBSD.ORG Sun Feb 26 23:32:35 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84CB116A420 for ; Sun, 26 Feb 2006 23:32:35 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id F19A543D48 for ; Sun, 26 Feb 2006 23:32:34 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by wproxy.gmail.com with SMTP id i20so711925wra for ; Sun, 26 Feb 2006 15:32:34 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=jm1YttGHSKzqpvpasOne2DaKwATRhA7VincI+2Z0dOdkRbAY2taAmvdxqjY+CkpsrBc5UDJAqOQgy2ZB9VxITYfaDd00GgI1LORHIKI7lqfdIRhcs6bqRKdOkGzQILKo/CV7L9Crw5Jpf8SFyJdCiIcGiZCOYIeeyYkCikOJNn0= Received: by 10.54.110.7 with SMTP id i7mr3679368wrc; Sun, 26 Feb 2006 15:32:34 -0800 (PST) Received: by 10.54.113.12 with HTTP; Sun, 26 Feb 2006 15:32:34 -0800 (PST) Message-ID: <3aaaa3a0602261532y5993b682o@mail.gmail.com> Date: Sun, 26 Feb 2006 23:32:34 +0000 From: Chris To: "=?ISO-8859-1?Q?Erik_N=F8rgaard?=" In-Reply-To: <440196B2.605@locolomo.org> MIME-Version: 1.0 References: <5ceb5d550602251625s59a07426va95de19bb48cb969@mail.gmail.com> <20060226022316.GA56261@flame.pc> <5ceb5d550602251832ub56fe77j9e0936121de5b02a@mail.gmail.com> <440196B2.605@locolomo.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Giorgos Keramidas , "Daniel A." , freebsd-questions@freebsd.org Subject: Re: Updating OpenSSH X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Feb 2006 23:32:35 -0000 On 26/02/06, Erik N=F8rgaard wrote: > > Daniel A. wrote: > > So, basically, if I want the newest version of OpenSSH running on my > > system, I have to not use the one shipped with 6.0-RELEASE, and > > install OpenSSH from ports? > > Please don't toppost. > > Installing from ports you'll get version 3.6.1. Before you get paranoid, > check the changelog - are there any changes that you actually need? do > they provide increased security? > > Cheers, Erik > > -- > Ph: +34.666334818 web: http://www.locolomo.org > S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt > Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9 > Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2 > _______________________________________________ I use the openssh-portable there is one change regarding compression that fixes a security problem that wasnt ported over to the security branch and another security flaw which I believe made it to a security list but I cannot remember which one. Again this didnt make the security branch. I also think its a good idea to keep upto date incase they patch up unpublished vulnerabilities that they keep private. Regarding stopping users running base version there are a few ways to do it ranging from deleting the base binaries and disabling it in make.conf so doesnt get rebuilt on a buildworld to making sure /usr/local/bin comes before the /usr/bin in path so when ssh is typed the portable version is ran. Chris