From owner-freebsd-security  Wed Nov 28 14:26:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id E0C9C37B416
	for <freebsd-security@FreeBSD.ORG>; Wed, 28 Nov 2001 14:26:16 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id AD7253B396
	for <freebsd-security@FreeBSD.ORG>; Wed, 28 Nov 2001 14:26:16 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id 6B9EF3B379; Wed, 28 Nov 2001 14:26:16 -0800 (PST)
Date: Wed, 28 Nov 2001 14:26:16 -0800
From: Dairy Wall Limey <william@hq.newdream.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Updating ssh
Message-ID: <20011128142616.T2779@hq.newdream.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <F49Gmjm08IyFrydlb9r0001c375@hotmail.com> <20011128141508.A67199@techometer.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011128141508.A67199@techometer.net>
User-Agent: Mutt/1.3.23i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Erick Mechler wrote:

> Install the port into /usr/local as you normally would (make sure
> LOCALBASE is set to /usr/local), and then edit /etc/rc.conf such that
 
>   sshd_enable="YES"
>   sshd_program="/usr/local/sbin/sshd"
 
> You should probably also set sshd_flags to use the desired host key
> (most likely in /etc/ssh).  This may not be necesary; I'm not entirely
> sure.
> 
> If you were to install the port over the BOS version of OpenSSH, you'd
> just end up blowing it away the next time you did a system upgrade.

you could always put:
NO_OPENSSH=    true

in /etc/make.conf

i do this for bind and sendmail since i use postfix (shouldn't matter
if you use 'make replace' from the postfix port), but i've removed the
main binaries for bind by hand as i don't really want to put
/usr/local/{sbin|bin} ahead of /usr/{sbin|bin} in my $path and $PATH.
 
i do wish that there were a way to cleanly remove stuff from the base
os... presumably it could be bad in some cases to leave an older (and
possibly exploitable) version of something on the system.  at best it's
unnecessary.

w

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message