Well if you realy want the latest openssh install openssh from ports (portinstall openssh or portinstall openssh-portable) you will have to use portable to build with pam if I remember rightly. The version in the base system does not actualy have the vulnerability Nessus is refering to as it was patched umm 2003-10-05 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:15.openssh.a sc
In terms of gotchas there arent many, Read /usr/ports/security/openssh(-portable)/pkg-message And unless you use the OPENSSH_OVERWRITE_BASE option I think you may have to manualy move your existing hostkeys to /usr/local/etc and re-edit the new Config files (I could be wrong here as it's a while since I bothered changing from the version in base) Vince > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ray Seals > Sent: 19 July 2004 18:15 > To: [EMAIL PROTECTED] > Subject: Nessus scan of FreeBSD 5.2.1 shows old version of ssh > > I just ran a Nessus scan against one of my machines. The > scan triggered on a version of ssh older than 3.7.1. > > I ran /usr/bin/ssh -v and found that I have version 3.6.1p1. > I'm looking for the best way to upgrade this. Can I just > install and run 'portupgrade' on SSH? What are some of the > "gotcha" points on doing this? > > -- > Ray Seals <[EMAIL PROTECTED]> > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"