Re: Open SSH for Red Hat 6.2

2002-07-07 Thread bscott

On Sat, 6 Jul 2002, at 7:46pm, Bayard R. Coolidge wrote:
> And, to bring all this back on topic, I'm still trying to figure out why
> folks are straining to retrofit the OpenSSH patches onto Red Hat 6.2.

  Speak for yourself.  :-)  We (meaning the company I work for, collectively)
are not straining.  As I said, with a current RHL 6.2 system, compiling
OpenSSH is absurdly easy.

  As for why we are still using RHL 6.2: Because, by-and-large, it does what
we need.  Switching to a new release would just double our overhead in terms
of configuration management and maintenance, and for almost zero benefit.  
(This is on the server side, mind you -- the latest KDE or GNOME means
nothing to a box that never runs X11.  The Linux desktops we have in the
office are running newer software.)

> Trying to maintain a RH 6.2 system to that level of protection [having the
> latest security patches installed] is a frightening prospect...

  Not really.  ftp://updates.redhat.com/6.2/en/os/ has everything you need.  
Red Hat is generally quite good at providing quick updates when
vulnerabilities are discovered.

  As I've said many times, one of the reasons I switched to Linux was to get
off the upgrade treadmill.  Same principle applies here.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |




*
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*



Re: Open SSH for Red Hat 6.2

2002-07-07 Thread Ben Boulanger

On Sun, 7 Jul 2002 [EMAIL PROTECTED] wrote:
>   Ben> Imagine you not having root on a production system you're
>   Ben> supposed to be responsible for.
> 
> Again, wouldn't happen.  If I'm responsible for it, I own it.  If I 
> don't own it, I'm not responsible for it.  End of story.  I may 
> happen to help or guide the person who is responsible for the system, 
> but ultimately, I won't be held responsible for it.

Exactly the point I was trying to make.  Now, relate this to an IT person 
who's linux deficient and you have your scenario where you end up being 
forced to run windows.  Either the IT person owns it or they're not 
responsible for it.  This exact thing has happened to me.  Eventually, I 
convinced the people that I needed a linux box (and got one of the older 
rotated out boxes for it - and then finally my normal desktop box), but it 
took time - and now that company, well, department has respect for linux.  

A far bigger win than if I had said 'Fine, I quit.  I'm going to find 
someplace that will let me run linux.' and looked like a loose cannon.  
Better that they think I'm a drone than associate linux with such 
behavior.

Ben


-- 

One cannot refuse to eat just because there is a chance of being choked. 





Re: Open SSH for Red Hat 6.2

2002-07-07 Thread John Abreau

[EMAIL PROTECTED] writes:

> Ahh, that's a totally different story!  No one ever said the piece of 
> gear in question was "issued".  It was simply stated that someone was 
> "forced to use Windows".  Someone else made the comment about a lab 
> system shared among several others which required Windows.  IMO, that 
> falls under the "special application clause" I mentioned earlier.

If you want to nit-pick, I'm the one who initially used the phrase
"forced to use Windows":

> When I'm forced to use Windows, I like to install cygwin, which includes
> OpenSSH and has an XFree86 add-on. In the past, before I tried cygwin,
> I would have recommended SecureCRT for Windows users; now I'd be
> tempted to offer cygwin first, with SecureCRT as a secondary option.

and I later gave an example where I had to share a box in a lab. I was
replacing the outgoing Unix admin, with a two-week overlap, and they
didn't issue me an office or a new machine when I started because I was 
to take over the other guy's office and machine when he left.


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist."  -Anon







Re: Open SSH for Red Hat 6.2

2002-07-06 Thread plussier


In a message dated: Sat, 06 Jul 2002 19:46:58 EDT
"Bayard R. Coolidge" said:


>But, I do believe that when an employer issues you a piece of gear, they
>have the right to tell you what you can/will run on it and have the
>expectation that you will follow that edict. The flip side of that They are
>accepting the responsibility for making that Business Decision, and if a virus
>comes in and wipes out their vital records or whatever, tough - it's THEIR
>problem, and they have only themselves to blame. Setting yourself up to be fired
>for "damaging" company equipment is just plain stupid, particularly in this
>job market.

So, if you're an auto-mechanic with your own set of tools, willing to 
take responsibility for replacing them if they get lost/stolen, you 
should be forced to use the Wal*Mart brand screwdriver set that the 
auto-dealer has on-site "because they said so"?  The fact that you 
can do the job twice as fast and more efficient using your own tools 
and supporting yourself should not play into the equation?  You 
should automatically accept that every time you need to change a tire 
rim, that you're going to have to go get another pneumatic wrench 
because you just blew out the Wal*Mart special rather than using your 
own heavy-duty, professional grade tool?  Sorry, I don't buy that one.

> But, I do believe that when an employer issues you a piece of gear, they
> have the right to tell you what you can/will run on it and have the
> expectation that you will follow that edict

Ahh, that's a totally different story!  No one ever said the piece of 
gear in question was "issued".  It was simply stated that someone was 
"forced to use Windows".  Someone else made the comment about a lab 
system shared among several others which required Windows.  IMO, that 
falls under the "special application clause" I mentioned earlier.

Now, I concede that I too made the assumption we were discussing a 
single user's desktop system used solely by that one individual.  
Obviously there are many varied situations where one could find 
themselves "forced to use Windows".  I was speaking of the most 
common one; that of the office desktop which is not shared.
In this scenario, there is no reason why you couldn't replace Windows 
for Linux without anyone a) noticing, or b) probably even caring.

For that matter, I've seen one individual go so far as to bring in 
his own laptop and use that for all his business and work 
requirements and completely ignore the "corporate desktop" which was 
"issued"[1] to him.  He chose to run Linux on his laptop.  No one 
noticed or cared that he was running Linux, not using the gear issued 
to him, or even that he was not using the official 
corporate supported mail client.

[1] Ironically, the "issued" PC was also running Linux :)

> On Sat, 6 Jul 2002, "Ben" == Ben Boulanger wrote:

  Ben> IT departments in certain companies (ones I've worked for)
  Ben> simply have no tolerance for things they can't control, and
  Ben> really, I don't blame them.

I don't blame them for not liking it, however, they're not going to 
know whether you're running Linux or Windows unless they try to connect 
to the exact IP address you're using at the time.  And, unless you're 
causing a problem on the network, they're going to be so busy 
elsewhere fighting fires, a well-behaved Linux box isn't going to get 
noticed.

I'll also argue that it is physically impossible to control 
everything in a corporate environment from IT point of view.  I know, 
I've tried and failed for over 10 years, and I've seen others try and 
fail over an even longer period of time.  

> On Sat, 6 Jul 2002, "Ben" == Ben Boulanger wrote:

  Ben> Imagine you not having root on a production system you're
  Ben> supposed to be responsible for.

Again, wouldn't happen.  If I'm responsible for it, I own it.  If I 
don't own it, I'm not responsible for it.  End of story.  I may 
happen to help or guide the person who is responsible for the system, 
but ultimately, I won't be held responsible for it.
-- 

Seeya,
Paul

It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

 If you're not having fun, you're not doing it right!






Re: Open SSH for Red Hat 6.2

2002-07-06 Thread Bayard R. Coolidge

Well, having come from a weird environment where UNIX (and a certain other
well-known nearly quarter-century old proprietary operating system) were
barely tolerated by the Corporate Management that was 1500+ miles away and
who thought Windows was the Cat's Meow, I can sympathize with both sides of
the argument.

Part of the reason they never issued me a PC (I had to use the Citrix ICA
client on my UNIX box to connect to an NT server on our LAN) was that the
standing joke was that they knew I'd run Linux on it instead of Windows.
Actually, the real joke is that I had Linux running on another disk on my
UNIX workstation, so if they'd deigned to issue me a PC, it would have run
whatever "they" decided should run on it. I only needed it now and then to
file time cards for when I was taking vacation, or to read a Word document.
(Even that was hilarious - as we all know, there are inter-version
compatibility problems with Word, and sometimes our print servers would
barf on some of the documents that were generated internally that I
printed...)

But, I do believe that when an employer issues you a piece of gear, they
have the right to tell you what you can/will run on it and have the
expectation that you will follow that edict. The flip side of that They are
accepting the responsibility for making that Business Decision, and if a
virus comes in and wipes out their vital records or whatever, tough - it's
THEIR problem, and they have only themselves to blame. Setting yourself up
to be fired for "damaging" company equipment is just plain stupid,
particularly in this job market.

So, what can you do about it? Well, I'm assuming (yeah, I know about
assuming stuff, OK?) that at some point, they will be trading up their
hardware, and possibly have done so recently, so there may be a surplus box
or two that could have become "available". If you were to "recycle" said
box(es) and put Linux on them (without perturbing the "real" machines
running Windows), you could run them in parallel and demonstrate Linux'
capabilities in a less confrontational manner.

And, to bring all this back on topic, I'm still trying to figure out why
folks are straining to retrofit the OpenSSH patches onto Red Hat 6.2. While
I can understand why many folks, particularly those using Linux in a
business environment rather than as a hobby, don't rush out to install
bleeding edge distribution releases and/or 2.5.n kernels, I don't think
it's a bad idea to upgrade to a distribution/release that is demonstrably
stable, so it's maintainable just in case there's an OhMyGawd security
patch that was needed Yesterday. I run SuSE 7.3 on my usual dial-up system
(that I'm typing this on now) and SuSE 8.0 on my new machine (to which I
plan to kick over to on a full-time basis shortly). I make bloody sure I
have all of the latest security-related patches installed ASAP. Trying to
maintain a RH 6.2 system to that level of protection is a frightening
prospect...

Bayard




Re: Open SSH for Red Hat 6.2

2002-07-06 Thread Ben Boulanger

On Sat, 6 Jul 2002 [EMAIL PROTECTED] wrote:
> Btw, while I'm inefficiently doing the job using tools I'm not overly familiar 
> with 'because you said so', I'll also be looking elsewhere for employment with
> a company who values efficiency of dictatorial and mindless rules without a decent
> understanding of what they're really in business for."

While I agree with you - linux is something I feel I need to get the job 
done - I disagree with the flip attitude to the 'because you said so'.  IT 
departments in certain companies (ones I've worked for) simply have no 
tolerance for things they can't control, and really, I don't blame them.  
Imagine you not having root on a production system you're supposed to be 
responsible for.  No matter how many times you tell your boss 'Look, I 
don't have root on it' you're still going to be responsible for it.

And even then, imagine you saying 'I don't have root on it'.. what's going 
to happen?  They're going to give you root.  In the IT world, that's 
install SMS & Windows and get the box into a standard, supportable setup.  
It simply doesn't always work.  As much as we'd like to be able to say 
'I'm going to seek employment elsewhere', the truth of the matter is that 
work isn't as easy to find as it once was... like it or not, sometimes you 
have to run windows while you're using the velvet hammer to get them to 
accept the fact that you could do more running linux.  It took me about 2 
years, but I finally got my linux box, and when I did, they lost their 
objection to it.

IMO, with persistence and real world examples, you'll eventually get to 
run linux.  Until then, set up a box somewhere (clandestinely if needs be) 
and get yourself Xwin32 or eXceed or something.  It's not perfect, but 
it'll do for a short time (did for me for 2 years).  

Ben

-- 

We know next to nothing about virtually everything.  It is not necessary
to know the origin of the universe; it is necessary to want to know.
Civilization depends not on any particular knowledge, but on the disposition
to crave knowledge.
-- George Will





Re: Open SSH for Red Hat 6.2

2002-07-06 Thread John Abreau

[EMAIL PROTECTED] writes:

> So, why is it people are "forced" to use Windows?  I really think 
> it's gotten to the point that you can use Linux if you want to without
> too much trouble.   Barring the requirement of a very specialized
> application that must be run under Windows, anyone who says they 
> *have* to use Windows but really *wants* to use Linux, is, IMO, 
> someone who's all talk. 

No, I had a job in the past where I had to use a shared box in a lab. 
I would have preferred to wipe the drive and install Linux, if I had my
own box, but I was sharing a bunch of boxes with about 30 other users,
plus any number of marketing guys visiting from other sites. I was able
to get permission to install cygwin, but Linux simply was not an option.

In that situation, I *wanted* to use Linux but I *had* to use Windows,
and it certainly wasn't all talk.


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist."  -Anon







Re: Open SSH for Red Hat 6.2

2002-07-06 Thread John Abreau

[EMAIL PROTECTED] writes:

> I was "forced to use Windows" for about 1 day at my current job.  I 
> thought about the cygwin route and got so far as getting it 
> installed and running X.  But then I began to realize I was missing 
> things I needed, like perl, so I'd install perl.  Then something else 
> was missing, so I'd install that.  I spent about 6-8 hours installing 
> "missing" stuff.  Finally I gave up, figuring I could partition this 
> drive and install Linux in about 20 minutes, which is what I did.

Sure, cygwin can't replace everything. I hadn't noticed that perl
was missing last time I looked at it, but then I didn't spend all
that much time in Windows itself. Mostly I was just ssh'ing to a
Solaris box and running X applications from there.


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist."  -Anon







Re: Open SSH for Red Hat 6.2

2002-07-06 Thread plussier


In a message dated: Sat, 06 Jul 2002 17:36:27 EDT
Tom Rauschenbach said:

>Sometimes some of that "talk" is company policy.  Often when people say that
>they are "forced" to use Windows, they don't mean that they need Windows for
>some reason or other, they mean that they are forced to use Windows.  There
>is no application that I need at work that doesn't have a better replacement on
>Linux.  And I find the single desktop very limiting compared to my eight KDE 
>desktops.  But my employer says "It's my machine and I say it runs Windows."

Hmmm, I say:  "You hired me to do a job and for my expertise required 
to do that job.  I can do that job in one of two ways;
efficiently or inefficiently.  If you'd like me to be the most efficient
I possibly can, then I require certain tools to do so.  If you'd like me
to be very inefficient, then the tools you provide might well help me do that.

Btw, while I'm inefficiently doing the job using tools I'm not overly familiar 
with 'because you said so', I'll also be looking elsewhere for employment with
a company who values efficiency of dictatorial and mindless rules without a decent
understanding of what they're really in business for."

They are not paying you to "use Windows", nor did they, I assume, 
hire you to "use Windows".  I'm all for a corporate policy that states
"We only *support* X."  No problem, I can live with that, since it 
means that if I choose to use Y, I don't get support.  Which is also 
fine, since if I intend to use Y and not X, I probably also 
understand I'm going to be supporting myself anyway.

Ultimately, there is little stopping anyone from installing Linux on 
any system they have direct physical access to.  Even if there is a 
corporate policy that says "We only support Windows", they're not 
going to know you're not using Windows.

Of course, as I said, if the wording of the policy is "You must use 
only that software which we install", then I am very quickly going to 
be looking elsewhere for employment, since I can not possibly do any 
job they hire me for efficiently using Windows.  Well, maybe I could 
use Windows to efficiently find and report bugs in that environment, but I 
can't think of much else.
-- 

Seeya,
Paul

It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

 If you're not having fun, you're not doing it right!






Re: Open SSH for Red Hat 6.2

2002-07-06 Thread Tom Rauschenbach

On Saturday 06 July 2002 h:24, [EMAIL PROTECTED] wrote:
> In a message dated: Tue, 02 Jul 2002 16:05:32 EDT
>
>
> So, why is it people are "forced" to use Windows?  I really think
> it's gotten to the point that you can use Linux if you want to without
> too much trouble.   Barring the requirement of a very specialized
> application that must be run under Windows, anyone who says they
> *have* to use Windows but really *wants* to use Linux, is, IMO,
> someone who's all talk. 

Sometimes some of that "talk" is company policy.  Often when people say that
they are "forced" to use Windows, they don't mean that they need Windows for
some reason or other, they mean that they are forced to use Windows.  There
is no application that I need at work that doesn't have a better replacement on
Linux.  And I find the single desktop very limiting compared to my eight KDE 
desktops.  But my employer says "It's my machine and I say it runs Windows."


> If you really *want* to use Linux, there
> isn't anything stopping you at this point, barring that 1 specific,
> specialized, odd-ball application.  And you may as well try it under
> the CodeWeaver's sw and/or Wine, Win4Lin, or VMWare!




Re: Open SSH for Red Hat 6.2

2002-07-06 Thread plussier


In a message dated: Tue, 02 Jul 2002 16:05:32 EDT
John Abreau said:

>When I'm forced to use Windows, I like to install cygwin, which includes
>OpenSSH and has an XFree86 add-on. In the past, before I tried cygwin,
>I would have recommended SecureCRT for Windows users; now I'd be
>tempted to offer cygwin first, with SecureCRT as a secondary option.

I was "forced to use Windows" for about 1 day at my current job.  I 
thought about the cygwin route and got so far as getting it 
installed and running X.  But then I began to realize I was missing 
things I needed, like perl, so I'd install perl.  Then something else 
was missing, so I'd install that.  I spent about 6-8 hours installing 
"missing" stuff.  Finally I gave up, figuring I could partition this 
drive and install Linux in about 20 minutes, which is what I did.

Now I have a normal Linux system which is dual-boot with Win2K on it.
Though the last time that was booted was my 2nd day at my new 
location just to see if the partitioning worked.

My next dilemma was how to exist in an all Exchange environment.  I 
bought the CodeWeaver software, Crossover Office which included 
Outlook 2000. With a few minor inconvenient bugs, it worked 
perfectly.  It was bug-for-bug Outlook2K, with a couple of extra bugs 
thrown in just to remind you that Windows really does suck :)

Of course, I then convinced my IS team that they should run the IMAP 
server on the Exchange server. Now I'm 100% Linux in an otherwise all 
Windows world.

So, why is it people are "forced" to use Windows?  I really think 
it's gotten to the point that you can use Linux if you want to without
too much trouble.   Barring the requirement of a very specialized
application that must be run under Windows, anyone who says they 
*have* to use Windows but really *wants* to use Linux, is, IMO, 
someone who's all talk.  If you really *want* to use Linux, there 
isn't anything stopping you at this point, barring that 1 specific, 
specialized, odd-ball application.  And you may as well try it under 
the CodeWeaver's sw and/or Wine, Win4Lin, or VMWare!
-- 

Seeya,
Paul

It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

 If you're not having fun, you're not doing it right!






Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Derek D. Martin

At some point hitherto, Charles Farinella hath spake thusly:
> At the risk of contributing to said flame war, these are the steps I
> took to upgrade openssh on RedHat 6.2:
[SNIP] 
> Not quite as easy, but pretty easy just the same, and I don't have to
> expend the time looking for the 'right' .rpm, or one that doesn't exist.
> 
> If there's anything wrong with this method, I hope someone will point it
> out to me.

IIRC, I believe that you have to explicitly enable PAM support if you
want to use it.  Red Hat uses PAM extensively for authentication, so
it makes sense to use it with SSH as well.  Not strictly required by
any means, but if you ever switch to a different kind of password
authentication scheme (like say, SHA hashes, as an unlikely example),
SSH (probably) won't work with it unless you use PAM (or the latest
version of openssh includes explicit support).


- -- 
Derek Martin   [EMAIL PROTECTED]
- -
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org



Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Jeff Macdonald

If you happen to have a Rackspace box and use Rackspace's RPMs, upgrade
PAM too, as the openssh rpm adds a new security module that isn't in
place with older PAMs.

Whatever you do, do not log off your system until you are sure you can
log into it! Trust me, I know!

:-)


On Tue, 2002-07-02 at 10:21, mike ledoux wrote:
> On Tue, Jul 02, 2002 at 09:38:59AM -0400, Thomas M. Albright wrote:
> > Can anybody help me find it? Or will I need to futz around with the 
> > SRPMs to make it work. Or (better still) are older versions of openssh 
> > not vulnerable?
> 
> Well, I've built 3.4p1 RPMs for RH6.2 using the SRPM provided by the
> OpenSSH folks, no problems.  You need openssl 0.9.6 and openssl-devel
> 0.9.6 (rpmfind.net, you want the ones from 'Libc6 Contribs') to build
> it, and you'll need to change one line in the openssh.spec file to let
> it know you're building for a RH6.x system.
> 
> I really think you'd be better off building your own, but if you want
> 'em, I can make the RPMs I've built available; they were compiled with
> no Gnome, IPv6, or Kerberos5 crap, and are statically linked against
> openssl 0.9.6, so they'll install on damn near any RH6.x system.
> 
> - -- 
> [EMAIL PROTECTED]  OpenPGP KeyID 0x57C3430B
> Holder of Past Knowledge   CS, O-
> Put your wasted CPU cycles to use: http://www.distributed.net/
> "One world, one web, one program"  Microsoft advertisement
> "Ein Volk, Ein Reich, Ein Fuhrer"  Adolf Hitler
> 






Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 7:33pm, John Abreau wrote:
>> One issue with cygwin is setting up a user id. I was not able to change 
>> cygwin's user id on my win2k system at work. It defaults to administrator.
> 
> That's right, I had forgotten about that (haven't had to touch Windows in
> ages). It was kind of annoying to have to use "-l" all the time.

  Couldn't you use the "User" directive in your $HOME/.ssh/config file, and
then use "-l" if you want something else?

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |






Re: Open SSH for Red Hat 6.2

2002-07-02 Thread John Abreau

Jerry Feldman <[EMAIL PROTECTED]> writes:

> One issue with cygwin is setting up a user id. I was not able to change 
> cygwin's user id on my win2k system at work. It defaults to administrator.

That's right, I had forgotten about that (haven't had to touch Windows
in ages). It was kind of annoying to have to use "-l" all the time.


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist."  -Anon







Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Jerry Feldman

One issue with cygwin is setting up a user id. I was not able to change 
cygwin's user id on my win2k system at work. It defaults to administrator.

John Abreau wrote:

> mike ledoux <[EMAIL PROTECTED]> writes:
> 
> > I do as well, but I still ran into trouble; when statically linked
> > with 0.9.5a, PuTTY couldn't connect, when statically linked with 0.9.6
> > everything works as expected.  Unfortunately, we do have several windows
> > users here that need to be able to access the servers.
> 
> When I'm forced to use Windows, I like to install cygwin, which includes
> OpenSSH and has an XFree86 add-on. In the past, before I tried cygwin,
> I would have recommended SecureCRT for Windows users; now I'd be
> tempted to offer cygwin first, with SecureCRT as a secondary option.
> 
> Of course, cygwin could be difficult for the commandline-phobic to
> handle. Does anybody know of any Windows gui ssh/scp/sftp front-ends
> that use cygwin under the hood?
-- 
--
Gerald Feldman <[EMAIL PROTECTED]>
Boston Computer Solutions and Consulting
ICQ#156300 PGP Key ID:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Charles Farinella

On Tue, 2002-07-02 at 14:24, Cole Tuininga wrote:
 
> At the risk of starting a flame war, this is the kind of thing that
> drove me to debian.
> 
> Steps to perform in debian:
> 
> Step 1) apt-get update
> Step 2) apt-get -u upgrade
> 
> Done.

At the risk of contributing to said flame war, these are the steps I
took to upgrade openssh on RedHat 6.2:

mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

./configure --prefix=/usr/sbin --sysconfdir=/etc/ssh \
--with-md5-passwords

make
make install
/etc/rc.d/init.d/sshd restart

Done.

Not quite as easy, but pretty easy just the same, and I don't have to
expend the time looking for the 'right' .rpm, or one that doesn't exist.

If there's anything wrong with this method, I hope someone will point it
out to me.

--charlie

-- 
Charlie Farinella 
[EMAIL PROTECTED]
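
The privilege-separation prerequisites from the steps in the message above (an empty /var/empty at mode 755, and an sshd user with home /var/empty and shell /bin/false), checked before the restart, in line with the advice elsewhere in this thread not to log off until a new login is confirmed. This is an added example, not part of the original message: the function names and their parameters are assumptions for illustration, and accepting nologin shells goes slightly beyond the /bin/false used in the thread.

```shell
#!/bin/sh
# Added example: sanity checks for the privilege-separation setup from the
# thread (empty chroot dir, unprivileged sshd user) before restarting sshd.
# Function names and their parameters are illustrative assumptions.

# check_privsep_dir DIR [OWNER_UID]
# DIR must exist, be empty, be owned by OWNER_UID (default 0 = root) and
# not be writable by group or others (the thread uses mode 755).
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    meta=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${meta% *}
    owner=${meta#* }
    [ "$owner" = "$want_uid" ] ||
        { echo "$dir owned by uid $owner, want $want_uid" >&2; return 1; }
    case "$mode" in
        ?????w*|????????w*)
            echo "$dir is group- or world-writable ($mode)" >&2; return 1 ;;
    esac
    [ -z "$(ls -A "$dir")" ] ||
        { echo "$dir is not empty" >&2; return 1; }
    return 0
}

# check_privsep_user PASSWD_FILE USER HOME
# USER must exist in PASSWD_FILE with HOME as home directory and a shell
# that cannot be used to log in.
check_privsep_user() {
    passwd=$1
    user=$2
    home=$3
    entry=$(awk -F: -v u="$user" '$1 == u {print $6 ":" $7; exit}' "$passwd")
    [ -n "$entry" ] || { echo "no such user: $user" >&2; return 1; }
    [ "${entry%%:*}" = "$home" ] ||
        { echo "$user home is ${entry%%:*}, want $home" >&2; return 1; }
    case "${entry#*:}" in
        /bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) echo "$user has a login shell: ${entry#*:}" >&2; return 1 ;;
    esac
}

# preflight /full/path/to/sshd
# Real-system check: run as root in the session that did the upgrade, and
# keep that session open until a second login has been confirmed.
preflight() {
    [ -n "$1" ] || { echo "usage: preflight /full/path/to/sshd" >&2; return 2; }
    check_privsep_dir /var/empty 0 &&
    check_privsep_user /etc/passwd sshd /var/empty &&
    "$1" -t    # sshd test mode: validate config and host keys, then exit
}

# Demonstration on constructed data (no root needed): a temp dir stands in
# for /var/empty and a sample passwd line for the real /etc/passwd.
demo=$(mktemp -d)
mkdir "$demo/empty" && chmod 755 "$demo/empty"
printf '%s\n' 'sshd:x:74:74:sshd privsep:/var/empty:/bin/false' > "$demo/passwd"
check_privsep_dir "$demo/empty" "$(id -u)" && echo "privsep dir ok"
check_privsep_user "$demo/passwd" sshd /var/empty && echo "privsep user ok"
rm -rf "$demo"
```
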





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 3:36pm, mike ledoux wrote:
> I do as well, but I still ran into trouble; when statically linked with
> 0.9.5a, PuTTY couldn't connect, when statically linked with 0.9.6
> everything works as expected.  Unfortunately, we do have several windows
> users here that need to be able to access the servers.

  Interesting.  I never actually tried that combination before, but I just
did, and it worked.

  Red Hat Linux 6.2 + errata
  OpenSSL 0.9.5a-7.6.x
  OpenSSH 3.4p1-1
  PuTTY 0.52

  Obviously, you have solved the problem to your own satisfaction, but I
figured it was worth mentioning.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 1:56pm, Rodent of Unusual Size wrote:
> Closer, but no SEE-gar (as Albert would say):
> 
> auth2-pam.c:146: `__func__' undeclared (first use in this function)

  All I can say is, I've built it from SRPM several times, and even went
back and did it when this thread first started, and it works just fine
(minus the MS-Windows PuTTY issues Mike Ledoux describes).

  From your little rant there, I can tell you haven't installed the Red Hat
errata for 6.2.  Among other things, the errata includes the RPMs you had
such trouble with, all packaged up and ready to go, in the right format so
you can install RPM V4 without needing RPM V4 already installed.  They also
provide several things needed for OpenSSH, including PAM and OpenSSL.  The
README for OpenSSH does note this, BTW.

  A legitimate bitch here might be that the OpenSSH .spec file should be
improved to require the minimum version of PAM it will work with.

> 12. Force the install anyway..

  You just invalidated your package management system.

  Is this, perhaps, why you are having trouble?  I have noted that there
appears to be a correlation between people who arbitrarily override package
managers and people who dislike package managers.  I suspect they cause
their own problems.  By overriding dependencies, something on the system
does not have everything it needs, and can be expected to fail, likely in
obscure ways.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |












Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Paul Iadonisi

On Tue, Jul 02, 2002 at 02:24:48PM -0400, Cole Tuininga wrote:

[snip]

> [snip of Ken's frustrating attempt to upgrade ssh]
> 
> At the risk of starting a flame war, this is the kind of thing that
> drove me to debian.
> 
> Steps to perform in debian:
> 
> Step 1) apt-get update
> Step 2) apt-get -u upgrade
> 
> Done.

  Okay, I'll bite.  ;-)

  Tell me:  Will debian do that when they
*never released any version* of the package for
the release you are trying to update?
  You can't expect support for something from
a vendor (or non-profit even, whatever) that
they never shipped in the first place.  Namely,
openssh for Red Hat 6.2.
  I do have the answer for this, by the way, but
won't have time to dig it up until I get home later
tonight.  I'll post it then.

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets




Re: Open SSH for Red Hat 6.2

2002-07-02 Thread John Abreau

mike ledoux <[EMAIL PROTECTED]> writes:

> I do as well, but I still ran into trouble; when statically linked
> with 0.9.5a, PuTTY couldn't connect, when statically linked with 0.9.6
> everything works as expected.  Unfortunately, we do have several windows
> users here that need to be able to access the servers.

When I'm forced to use Windows, I like to install cygwin, which includes
OpenSSH and has an XFree86 add-on. In the past, before I tried cygwin,
I would have recommended SecureCRT for Windows users; now I'd be
tempted to offer cygwin first, with SecureCRT as a secondary option.

Of course, cygwin could be difficult for the commandline-phobic to
handle. Does anybody know of any Windows gui ssh/scp/sftp front-ends
that use cygwin under the hood?


-- 
John Abreau / Executive Director, Boston Linux & Unix 
ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj
Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99

"An idealist is just a farsighted pragmatist."  -Anon







Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Cole Tuininga

On Tue, 2002-07-02 at 13:56, Rodent of Unusual Size wrote:
> [EMAIL PROTECTED] wrote:
> > 
> > Ummm... oh, yeah, duh.  *forehead slap*  You need to add a define.
> > Like this:
> > 
> >   rpm --rebuild openssh-3.4p1-1.src.rpm --define 'build_6x 1'
> 
> Closer, but no SEE-gar (as Albert would say):
> 
> auth2-pam.c:146: `__func__' undeclared (first use in this function)
> 
> Meanwhile, I'm trying to get the OpenSSL 0.9.6 source RPM installed:

[snip of Ken's frustrating attempt to upgrade ssh]

At the risk of starting a flame war, this is the kind of thing that
drove me to debian.

Steps to perform in debian:

Step 1) apt-get update
Step 2) apt-get -u upgrade

Done.

-- 
"Check out Snort. It sounds like a perfect match for you."
-Security Focus's "Security Basics" maillist

Cole Tuininga
Lead Developer
Code Energy, Inc
[EMAIL PROTECTED]
PGP Key ID: 0x43E5755D






Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Rodent of Unusual Size

[EMAIL PROTECTED] wrote:
> 
> Ummm... oh, yeah, duh.  *forehead slap*  You need to add a define.
> Like this:
> 
>   rpm --rebuild openssh-3.4p1-1.src.rpm --define 'build_6x 1'

Closer, but no SEE-gar (as Albert would say):

auth2-pam.c:146: `__func__' undeclared (first use in this function)

Meanwhile, I'm trying to get the OpenSSL 0.9.6 source RPM installed:

1. --rebuild openssl 0.9.6
   Uh, no, you need RPM >= 4.
2. Download RPM 4 source RPM, try to build..
   Uh, no, you need RPM >= 4. (!)

@&#*(&&!!! 

3. Download and try to install the RPM 4 binary..
   Uh, no, you need libdb-3.1.so

@&#*(&&!!! 

4. Download and install db3-3.1 binary RPM..
   Success!  (Whew!)
5. Install RPM 4 binary RPM..
   Success!
6. Try to --rebuild openssl 0.9.6 source..
   RPM gives usage display (??? Oh.  Need to install rpm-build RPM)
7. Install rpm-build RPM
   Success!
8. Try to --rebuild openssl again..
   Uh, no, you need python-devel (???)

@&#*(&&!!! 

9. Download python-devel from RedHat full-distrib FTP site; try to install
   Success!
10. Try to --rebuild openssl 0.9.6..
    Success!
11. Try to install newly-built openssl..
    Uh, no, it needs perl and installing it will break mutt

@&#*(&&!!! 

12. Force the install anyway..
    Success!

It would be funny if it weren't so pathetic..
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

"Millennium hand and shrimp!"




Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 10:43am, mike ledoux wrote:
> (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 
> Blowfish included) do not work correctly.)

  Ah.  No wonder I never noticed, I use

  Protocol 2

in my configuration files.  :-)

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 10:21am, mike ledoux wrote:
> Well, I've built 3.4p1 RPMs for RH6.2 using the SRPM provided by the
> OpenSSH folks, no problems.  You need openssl 0.9.6 and openssl-devel
> 0.9.6 ...

  It also "works for me" with the openssl 0.95a package from Red Hat 6.2
errata.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 10:24am, Rodent of Unusual Size wrote:
>> rpm --rebuild name-of-source-rpm-file
> 
> Nice advice, but doesn't work; the build fails with cipher.c not finding a
> few EVP_CIPH_* symbols.

  Ummm... oh, yeah, duh.  *forehead slap*  You need to add a define.  Like
this:

  rpm --rebuild openssh-3.4p1-1.src.rpm --define 'build_6x 1'

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |





Re: Open SSH for Red Hat 6.2

2002-07-02 Thread Rodent of Unusual Size

[EMAIL PROTECTED] wrote:
> 
>   Building an RPM from source is pathetically easy.  Simply execute:
> 
> rpm --rebuild name-of-source-rpm-file

Nice advice, but doesn't work; the build fails with cipher.c
not finding a few EVP_CIPH_* symbols.
-- 
#kenP-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist  http://Apache-Server.Com/

"Millennium hand and shrimp!"




Re: Open SSH for Red Hat 6.2

2002-07-02 Thread bscott

On Tue, 2 Jul 2002, at 9:38am, Thomas M. Albright wrote:
> Can anybody help me find it? Or will I need to futz around with the SRPMs
> to make it work. 

  Building an RPM from source is pathetically easy.  Simply execute:

  rpm --rebuild name-of-source-rpm-file

  You will find the resulting binary RPMs in:

  /usr/src/redhat/RPMS/

  Then install them.  That is all you need to do.

> Or (better still) are older versions of openssh not vulnerable?

  You can disable some options, but all in all, you really, really should
upgrade to the latest release.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |

