Re: OpenSSH in Woody
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Because potato doesn't get any security upgrades any more. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Because potato doesn't get any security upgrades any more. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Re: OpenSSH in Woody
In article [EMAIL PROTECTED] you wrote: and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no accessable sh daemon. I did not managed to build the woody pacages on my boxes yet, missing some dependencies and I did not yet find a good aptget archive which still works. IS archive.debian.org supposed to be apt-getable for source and binaries? Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
In article [EMAIL PROTECTED] you wrote: and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no accessable sh daemon. I did not managed to build the woody pacages on my boxes yet, missing some dependencies and I did not yet find a good aptget archive which still works. IS archive.debian.org supposed to be apt-getable for source and binaries? Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/
Re: OpenSSH in Woody
Most of my debian installs took the recent ssh updates without a hiccup,
but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
restarting and left no daemon listening.
I found this bit of code in /var/lib/dpkg/info/ssh.postinst
setup_startup() {
start=yes
[ -e /usr/share/debconf/confmodule ] {
db_get ssh/run_sshd
start=$RET
}
if [ $start != true ] ; then
/etc/init.d/ssh stop 21 /dev/null
touch /etc/ssh/sshd_not_to_be_run
else
rm -f /etc/ssh/sshd_not_to_be_run 2/dev/null
fi
}
but I don't see the intent of the logic, or why one box would touch the
file but the other wouldn't? Ah, must have been in the initial debconf
for ssh. but when I do dpkg --configure ssh I get:
dpkg: error processing ssh (--configure):
package ssh is already installed and configured
Errors were encountered while processing:
ssh
Maybe --force-things would get around that, but I don't want to
regenerate my host keys.
How can I change this setting or control whether future updates create
the file?
// George
--
GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027IXOYE
Security Services, Web, Mail,mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 02:32:10PM -0400, Michael Stone wrote: On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone thanks - -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027IXOYE Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Francois Sauterey mailto:[EMAIL PROTECTED] Mon hébergeur ? http://www.ras.eu.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 09:50:45PM +0200, Francois Sauterey wrote: Le 13:56 22/09/03 -0400, George Georgalis nous a ?crit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? security updates for potato ended in June (almost four months ago). -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
Most of my debian installs took the recent ssh updates without a hiccup,
but two of them deposited the file /etc/ssh/sshd_not_to_be_run before
restarting and left no daemon listening.
I found this bit of code in /var/lib/dpkg/info/ssh.postinst
setup_startup() {
start=yes
[ -e /usr/share/debconf/confmodule ] {
db_get ssh/run_sshd
start=$RET
}
if [ $start != true ] ; then
/etc/init.d/ssh stop 21 /dev/null
touch /etc/ssh/sshd_not_to_be_run
else
rm -f /etc/ssh/sshd_not_to_be_run 2/dev/null
fi
}
but I don't see the intent of the logic, or why one box would touch the
file but the other wouldn't? Ah, must have been in the initial debconf
for ssh. but when I do dpkg --configure ssh I get:
dpkg: error processing ssh (--configure):
package ssh is already installed and configured
Errors were encountered while processing:
ssh
Maybe --force-things would get around that, but I don't want to
regenerate my host keys.
How can I change this setting or control whether future updates create
the file?
// George
--
GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027IXOYE
Security Services, Web, Mail,mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 02:32:10PM -0400, Michael Stone wrote: On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone thanks - -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027IXOYE Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Re: OpenSSH in Woody
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Francois Sauterey mailto:[EMAIL PROTECTED] Mon hébergeur ? http://www.ras.eu.org
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 09:50:45PM +0200, Francois Sauterey wrote: Le 13:56 22/09/03 -0400, George Georgalis nous a ?crit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? security updates for potato ended in June (almost four months ago). -- - mdz
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. I've rolled my own version of this. It can be found at http://wolfheart.ro/debian/ssh/ I only compiled it for i386 because that's the only arch I have access to. :-) It's just a backport of the patch applied on 3.6.1p2-9. -- Regards Birzan George Cristian signature.asc Description: Digital signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. I've rolled my own version of this. It can be found at http://wolfheart.ro/debian/ssh/ I only compiled it for i386 because that's the only arch I have access to. :-) It's just a backport of the patch applied on 3.6.1p2-9. -- Regards Birzan George Cristian signature.asc Description: Digital signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? You can always use www.debian.org/security/crossreferences for this which it is updated even after the packages have been uploaded and thus is much more current than the packages' Changelog. Regards Javi pgp0.pgp Description: PGP signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? You can always use www.debian.org/security/crossreferences for this which it is updated even after the packages have been uploaded and thus is much more current than the packages' Changelog. Regards Javi pgpWRyOLLo8NT.pgp Description: PGP signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? When the CAN is known, it does. The last ssh update was put together before a CAN was selected. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? When the CAN is known, it does. The last ssh update was put together before a CAN was selected. Mike Stone
