From owner-freebsd-security Wed Nov 28 14:16:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from moek.pir.net (moek.pir.net [130.64.1.215]) by hub.freebsd.org (Postfix) with ESMTP id 5109A37B41E for ; Wed, 28 Nov 2001 14:16:37 -0800 (PST) Received: from pir by moek.pir.net with local (Exim) id 169D0O-0006bN-00 for freebsd-security@freebsd.org; Wed, 28 Nov 2001 17:16:36 -0500 Date: Wed, 28 Nov 2001 17:16:36 -0500 From: Peter Radcliffe To: freebsd-security@freebsd.org Subject: Re: Updating ssh Message-ID: <20011128171636.D16465@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jaykeller4@hotmail.com on Wed, Nov 28, 2001 at 10:07:56PM +0000 X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Jay Keller probably said: > I'm trying to update the ssh that is part of the base of 4.4. The latest > version (after updating using cvs RELENG_4) is openssh-2.9 shown with > /usr/bin/ssh -V. Openssh 3.0.x is available via ports or packages and is set > to be installed to /usr/local/whatever. What is the correct way to update > ssh? Do I go through and delete all of the original ssh files in /usr/bin, > /etc, the man pages, and so on and then just install the version 3x package? > Or should I use the port and somehow change the install dir to something to > match the original or just use /usr/local? Personally I download the latest portable openssh (I'm running 3.0.1 right now) and configure it with; ./configure --with-tcp-wrappers \ --with-default-path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin \ --disable-suid-ssh --with-pam --with-pid-dir=/var/run \ --sysconfdir=/etc/ssh --prefix=/usr \ --with-xauth=/usr/X11R6/bin/xauth and it replaces the installed version with no problems for me. HOWEVER there are some of the features that the properly integrated openssh provides which the portable configured in this way will not (things like Kerberos support, if I am not mistaken). I don't use any of these features so don't have any issues with this ... P. -- pir pir-sig@pir.net pir-sig@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message