Date:      Wed, 31 Jan 2001 02:25:26 -0800
From:      Gregory Sutter <gsutter@zer0.org>
To:        Ade Lovett <ade@FreeBSD.org>
Cc:        Rasputin <rasputin@FreeBSD-uk.eu.org>, freebsd-security@freebsd.org, imp@village.org
Subject:   Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
Message-ID:  <20010131022526.B656@klapaucius.zer0.org>
In-Reply-To: <20010129101411.A16899@FreeBSD.org>; from ade@FreeBSD.org on Mon, Jan 29, 2001 at 10:14:11AM -0600
References:  <NDBBJJFIKLHBJCFDIOKGEEKHCAAA.kupek@earthlink.net> <FDEEKLDJMPFBCBKOEEINCEIGCKAA.scott@link-net.com> <20010124230626.A49802@citusc17.usc.edu> <20010125103255.A78404@FreeBSD.org> <200101262153.f0QLrLL40016@earth.backplane.com> <20010129095752.A37233@dogma.freebsd-uk.eu.org> <20010129101411.A16899@FreeBSD.org>

On 2001-01-29 10:14 -0600, Ade Lovett <ade@FreeBSD.org> wrote:
> On Mon, Jan 29, 2001 at 09:57:53AM +0000, Rasputin wrote:
> > Killing off sshd obviously makes remote admin a real problem, though;
> > is there another way to guarantee we'd notice ?
> 
> If it's not going to be backed out (a serious mistake, IMO), then
> UPDATING needs to be modified at least:
> 
> 200101xx
> 	The 'ConnectionsPerPeriod' directive in /etc/ssh/sshd_config
> 	has been deprecated.  Please ensure that you either comment
> 	out, or preferably remove, this entry BEFORE REBOOTING.
> 	/usr/sbin/sshd after this date WILL NOT RUN with this directive
> 	in place, which is likely to cause substantial issues for
> 	headless machines.

If it's deprecated, it's deprecated, and people shouldn't use it. That's
not what's been done, though. The support for it has been removed, and
in a sudden, unannounced, and poorly-implemented fashion.  Either back
this out or repair it so that sshd issues a warning and continues
running.  This is absolutely pointless breakage in a product that's
supposed to be _stable_.  Only the fact that I happened to be 
particularly fastidious in my mergemastering saved me from having to
borrow a car and drive to my servers.  It would have pissed me off
even more otherwise.

Greg
-- 
Gregory S. Sutter                 Bureaucrats cut red tape--lengthwise.
mailto:gsutter@zer0.org 
http://www.zer0.org/~gsutter/ 
hkp://wwwkeys.pgp.net/0x845DFEDD
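
A pre-reboot check of the kind the quoted UPDATING text asks for, added here as an example that is not part of the original message or of FreeBSD's tooling. The function names and the sample config are constructed for illustration; the only keyword checked is the `ConnectionsPerPeriod` directive named in the thread.

```shell
#!/bin/sh
# Added example: find active uses of removed sshd_config keywords before a reboot.
REMOVED_KEYWORDS="ConnectionsPerPeriod"   # the directive named in the UPDATING text

# scan_sshd_config MODE FILE   (hypothetical helper)
#   MODE=report : print "LINE:keyword" for each active offending line
#   MODE=fix    : print FILE with offending lines commented out
# Returns 1 if any offending line was found, 0 otherwise.
scan_sshd_config() {
    awk -v kws="$REMOVED_KEYWORDS" -v mode="$1" '
        BEGIN { n = split(tolower(kws), kw, " ") }
        {
            hit = 0
            if ($0 !~ /^[ \t]*(#|$)/) {      # skip comments and blank lines
                word = tolower($1)           # sshd keywords are case-insensitive
                sub(/=.*/, "", word)         # tolerate a Keyword=value spelling
                for (i = 1; i <= n; i++) if (word == kw[i]) hit = 1
            }
            if (hit) found = 1
            if (mode == "report") { if (hit) print NR ":" word }
            else if (hit) print "#" $0
            else print $0
        }
        END { exit (found ? 1 : 0) }
    ' "$2"
}

# Constructed sample input: one commented-out and one active use of the keyword.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
#ConnectionsPerPeriod 5/10
  connectionsperperiod 5/10
PermitRootLogin no
EOF
}

# Usage: sh check_sshd_config.sh /etc/ssh/sshd_config
if [ $# -ge 1 ]; then
    if scan_sshd_config report "$1"; then
        echo "ok: no removed keywords in $1"
    else
        echo "removed keywords still active in $1; fix before rebooting" >&2
        exit 1
    fi
fi
```

The `fix` mode writes to standard output only, so the result can be compared with `diff` against the live file before anything is replaced.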

