Also, if you are replacing ssh, please note that /usr/local/bin has an
ancient version of ssh (the semi-commercial one, not OpenSSH). I think
it would be wise to get rid of it while we are at it.
Also, upgrading ssh sometimes doesn't upgrade all the libraries, leaving
ssh still vulnerable. The best thing to do is, after installing the new
ssh, make sure that it is not vulnerable to the known attack. Basically,
just run it with "-d" and bind it to some port. Then connect to it using:
ssh -v -l `perl -e '{print "A"x88000}'` localhost -p port
and see whether the daemon segfaults. If it does - you're vulnerable.
Shachar
guy keren wrote:
>On Wed, 26 Dec 2001, Shlomi Fish wrote:
>
>>Can someone please configure the firewall so it will grant access to
>>a certain high port number, which is not already taken. Something like:
>>12345 or so. I need it to run the second SSH daemon.
>>
>
>certainly not a high port. we'll open a privileged port for that purpose.
>i'll set up port '29' for that purpose (why 29? no reason). run your extra
>sshd on that port during the upgrade.
>
>ok, done. please test the new ssh server first on port 29, and after it
>works - switch the 2. after they really really work - make sure it'll also
>work after a reboot (i've seen people forgetting to check that - and i had
>to make a trip to actcom to add a startup script).
>
>thanks,
>
>--
>guy
>
>"For world domination - press 1,
> or dial 0, and please hold, for the creator." -- nob o. dy
>
>
>----------------------------------------------------------------------------
>To unsubscribe, send a message to [EMAIL PROTECTED]
>Archives available at http://www.mail-archive.com/[email protected]/
>
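Added example, not part of the original messages: a POSIX shell check for the stale-copy problem raised above (an old ssh left in /usr/local/bin next to the upgraded one). The function names find_copies and report_copies are made up for this example; it only lists copies and their `-V` banner and does not test for the vulnerability itself.

```shell
#!/bin/sh
# Added example (not from the thread): list every copy of a program along a
# PATH-style list, so an old ssh left behind by an upgrade is not missed.

# find_copies NAME [PATHLIST]: print each executable NAME, in lookup order.
# The body runs in a subshell so IFS and "set -f" do not leak to the caller.
find_copies() (
    IFS=:
    set -f                                  # no globbing while splitting
    for dir in ${2:-$PATH}; do
        [ -n "$dir" ] || dir=.              # empty entry means current dir
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
)

# report_copies NAME [PATHLIST]: print each copy with the first line of its
# "-V" output (the ssh client prints its version for -V).
# Returns 1 when more than one copy exists, 0 otherwise.
report_copies() {
    rc_list=$(find_copies "$1" "${2:-$PATH}")
    if [ -z "$rc_list" ]; then
        echo "$1: not found"
        return 0
    fi
    rc_n=0
    while IFS= read -r rc_path; do
        rc_n=$((rc_n + 1))
        rc_ver=$("$rc_path" -V 2>&1 </dev/null | head -n 1)
        printf '%d. %s  [%s]\n' "$rc_n" "$rc_path" "$rc_ver"
    done <<EOF
$rc_list
EOF
    [ "$rc_n" -le 1 ]
}

# Stand-alone use: sh thisfile ssh "/usr/local/bin:/usr/bin:/bin"
if [ "$#" -gt 0 ]; then
    report_copies "$@"
fi
```

The first path printed is the one a plain `ssh` resolves to under that search order; any further lines are copies that an upgrade of the first one leaves untouched.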