On Fri, Jun 28, 2002 at 06:52:40PM -0600, Scott Gerhardt wrote:
For the sshd fix, could't I just strip the base openssh from the system and
install the updated openssh-3.4 from the ports?
If so, what is the best method to disable/eliminate openssh from the base
system?
This is what I did, and it seems to work. (I'd be grateful if someone
pointed out anything I did wrong. Part of it was gotten from a post
by someone else, and the rest I figured out, for better or worse, on
my own.
cvsup ports to make sure you have 3.4.
Make install.
Edit /etc/rc.conf
Change enable_sshd=YES to a NO
add the line
sshd_program=/usr/local/sbin/ssshd
In /usr/local/etc/rc.d you'll find that it's put a script called
sshd.sh.sample. Rename that to sshd.sh
You've probably seen the various advisories that suggest taking the
ChallengeResponse line and changing it to no (and uncomment it as
well)
Lastly, until I renamed /usr/sbin/sshd, it kept giving me the old
version number--so, stop sshd, and rename /usr/sbin/sshd to something
else. Then, start the new one
/usr/local/sbin/sshd
This seems to work.
HTH
Scott Robbins
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-security in the body of the message
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
