From owner-freebsd-security Wed Feb 28 21:59:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nameserver.austclear.com.au (nameserver.austclear.com.au [192.83.119.132])
    by hub.freebsd.org (Postfix) with ESMTP id B641037B719
    for ; Wed, 28 Feb 2001 21:59:49 -0800 (PST)
    (envelope-from ahl@austclear.com.au)
Received: from tungsten.austclear.com.au (tungsten.austclear.com.au [192.168.70.1])
    by nameserver.austclear.com.au (8.9.3/8.9.3) with ESMTP id QAA37893;
    Thu, 1 Mar 2001 16:59:48 +1100 (EST)
Received: from tungsten (tungsten [192.168.70.1])
    by tungsten.austclear.com.au (8.9.3/8.9.3) with ESMTP id QAA01865;
    Thu, 1 Mar 2001 16:59:48 +1100 (EST)
Message-Id: <200103010559.QAA01865@tungsten.austclear.com.au>
X-Mailer: exmh version 2.1.1 10/15/1999
To: "Peter C. Lai"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sshd weirdness
In-Reply-To: Message from "Peter C. Lai" of "Thu, 01 Mar 2001 00:43:37 CDT." <000801c0a212$90619840$1e9e6389@137.99.156.23>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 01 Mar 2001 16:59:48 +1100
From: Tony Landells
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ummm, I could be wrong, but most of this seems consistent with what
you did...

> Now, because i had built world with OpenSSH 2.3.0, i no longer needed the
> ssh 1.x port, so i deleted it using pkg_delete -f. The uptime on the box had
> been several weeks.

Fine.

> I reboot the machine to use the new kernel, and 1. sshd is NOT running,
> because in rc.conf, sshd_enable is set to OFF for some reason, and 2. when i
> try to ssh in from a location on the same subnet, I am told the fingerprint
> has changed.

sshd_enable is set to OFF because you removed the package, I would
assume...

> Furthermore, because i deleted the ssh port, /usr/local/etc/rc.d/sshd.sh got
> removed, which is expected.

No, this is the bit that's wrong. This is the startup script for
OpenSSH, and should not have been removed.
> I didn't know if "SSHD_ENABLED" was already set to "NO".

Since this controls whether sshd 1.x is running, it would have been
changed when you removed the package.

> could my deleting the port have anything to do with OpenSSH starting?

Maybe, but you seem to have misunderstood which settings are for which
SSH.

> I checked /etc/ssh and all the keys have not been modified with a new
> timestamp.

That's because they belong to the version 1.x ssh, which you don't run
any more. Look in /usr/local/etc for OpenSSH files.

> this is puzzling...

Not particularly...

Tony
--
Tony Landells
Senior Network Engineer                 Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia