On Tue, Oct 19, 2004 at 09:00:19AM -0500, gp wrote: > We installed Linux on the box from a RH7.2 CD so I guess it was all > right off the CD. I did a rpm -qa and my version is > openssh-server-2.9p2-7. And actually I wanted to upgrade the openssh but > there were a lot of dependencies. My problem really re-started on an > attack on SSH on our box. I am not sure if my OpenSSH version have a > vulnerability but my guess it has. Thanks for the advices guys.
OMG. Please, for your sake I hope you upgrade this soon! All you need to do is build an RPM yourself given the spec file in the OpenSSH tarball. Remember to disable all the extra baggage in the spec file about askpass and Kerberos so that things build smoothly. If you're redeploying on many machines I would recommend you also set the static libcrypto so that you can just copy the RPM's over and not worry about openssl versions. Be careful about OpenSSL versions that have been known to have vulnerabilities as well... -- dido "...ang PUMATAY nang dahil sa iyo!" -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
