From owner-freebsd-security@FreeBSD.ORG  Fri Sep 24 22:09:21 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EEC9716A4CE
	for <freebsd-security@freebsd.org>;
	Fri, 24 Sep 2004 22:09:21 +0000 (GMT)
Received: from betty.computinginnovations.com
	(dsl081-142-072.chi1.dsl.speakeasy.net [64.81.142.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5666A43D39
	for <freebsd-security@freebsd.org>;
	Fri, 24 Sep 2004 22:09:21 +0000 (GMT)
	(envelope-from derek@computinginnovations.com)
Received: from p17.computinginnovations.com
	(dhcp-10-20-30-100.computinginnovations.com [10.20.30.100])
	(authenticated bits=0)i8OM9Bwb094321;
	Fri, 24 Sep 2004 17:09:12 -0500 (CDT)
Message-Id: <6.0.0.22.2.20040924170902.01feb948@mail.computinginnovations.com>
X-Sender: derek@mail.computinginnovations.com
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Fri, 24 Sep 2004 17:09:05 -0500
To: Alex de Kruijff <freebsd@akruijff.dds.nl>,
	Chris Orr <chris@manual-override.net>
From: Derek Ragona <derek@computinginnovations.com>
Mime-Version: 1.0
X-ComputingInnovations-MailScanner-Information: Please contact the ISP for
	more information
X-ComputingInnovations-MailScanner: Found to be clean
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
cc: freebsd-security@freebsd.org
Subject: Re: ssh security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2004 22:09:22 -0000

At 04:54 PM 9/24/2004, Alex de Kruijff wrote:
>On Fri, Sep 24, 2004 at 04:03:04PM -0500, Chris Orr wrote:
> > When you build openssh, you need to be sure to add the --with-tcp-wrappers
> > argument when you run the configure script.
> >
> > ex: ./configure --with-ssl-dir=../openssl --with-pam --with-tcp-wrappers
> >
> > Hopefully this points you in the right direction.
> >
> > -chris
>
>This is a bit unsual for FreeBSD. If the default with the base system
>doesn't fith you, the you can use the port system to comile a newer
>version. cd /usr/porst/.../ssh && make install && make clean
>
>--
>Alex

I guess I am asking are the tcp wrappers enabled in the default base 
system?  If the wrappers are not enabled, do I need to build world with 
some special compile option?

Or build ssh from the port?  If the port is used do I then need to 
reconfigure anything in the system to use the port version instead of the 
base system ssh?

Thanks for your help.

         -Derek