guy keren wrote:
>
>since shlomi's already compiled it from source, using SRPMs would be
>pointless. besides, it _seems_ to me that RPMs for openssh lag behind, and
>thus it'll be better to install this one package from source, rather then
>from RPMs. note that i looked at RPMs, not at SRPMs.
>
>in any case, please don't maintain a dual system - either from tgz, or
>from RPM - but not both. its enough that you coordinate this with shlomi,
>and after you're done, just let the rest of us know what you did.
>
>--
>guy
>
I don't have Shlomi's phone number, but I can see how the system is set
up. I'll explain my dillema -
Right now, RPMs are installed for OpenSSL (version 0.9.5a) and OpenSSH
(2.1.1p4). They are installed in /usr/lib and /usr/bin respectively
(where RPMs usually go).
Latest versions are 0.9.6c and 3.0.2p1 respectevely. Shlomi has them
installed as individual files under /usr/local/ssl/lib and
/usr/local/bin respectevely.
The boot script that loads the ssh daemon is run from
/etc/rc.d/init.d/sshd, which was installed from the openssh RPM. It was
modified by Shlomi to run from /usr/local/sbin, so that the new version
be run.
The openssh site gives out a binary RPM, but it was built for RedHat 7.2
I don't know whether it will install (I noticed that RPMv4 was
installed, but I am not sure I want to try it out). Due to the path
structure, however, when you simply type "ssh" from the command prompt,
you get the RPM version (from /usr/bin) rather than the new version.
What I will do is leave Shlomi's installation of openssh at /usr/local/.
I will add another boot script to load the new ssh again on port 29 from
alternate configuration, and remove the RPMs. I will then make sure that
all SSHs still work, and replace the configuration.
Just for general knowledge, the last time I was managing a RedHat
system, I had telnet running on the machine. There was not a single SSH
upgrade that did not require a non-encrypted login, followed by a root
password change.
Here goes....
Shachar
----------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED]
Archives available at http://www.mail-archive.com/[email protected]/
