Re: The same debian - different packages
On Wed, Sep 24, 2003 at 10:08:36PM +0700, Jean Christophe ANDR? wrote: Could you please show us a apt-cache policy ssh on both servers? Here is mine: # apt-cache policy ssh ssh: Installed: 1:3.4p1-1.woody.3 Candidate: 1:3.4p1-1.woody.3 Version Table: *** 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 100 /var/lib/dpkg/status 1:3.4p1-1 0 500 http://ftp.us.debian.org woody/main Packages Here you are: serverA:~# apt-cache policy ssh ssh: Installed: 1:3.4p1-1.woody.3 Candidate: 1:3.4p1-1.woody.3 Version Table: *** 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 100 /var/lib/dpkg/status 1:3.4p1-1 0 500 http://http.us.debian.org woody/main Packages serverB:~# apt-cache policy ssh ssh: Installed: 1:3.4p1-2 Candidate: 1:3.4p1-2 Version Table: *** 1:3.4p1-2 0 100 /var/lib/dpkg/status 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 1:3.4p1-1 0 500 http://http.us.debian.org woody/main Packages We can see the differences. But how to change it ? przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The same debian - different packages
On Thu, Sep 25, 2003 at 02:27:01PM +0700, Jean Christophe ANDR? wrote: What do you have in /usr/share/doc/ssh/changelog.Debian.gz? openssh (1:3.4p1-2) unstable; urgency=high * Get a security-fixed version into unstable * Also tidy README.Debian up a little -- Matthew Vernon [EMAIL PROTECTED] Fri, 28 Jun 2002 17:20:59 +0100 openssh (1:3.4p1-1) testing; urgency=high * Extend my tendrils back into this package (Closes: #150915, #151098) * thanks to the security team for their work * no thanks to ISS/Theo de Raadt for their handling of these bugs * save old sshd_configs to sshd_config.dpkg-old when auto-generating a new one * tell/ask the user about PriviledgeSeparation * /etc/init.d/ssh run will now create the chroot empty dir if necessary * Remove our previous statoverride on /usr/bin/ssh (only for people upgrading from a version where we'd put one in ourselves!) * Stop slandering Russia, since someone asked so nicely (Closes: #148951) * Reduce the sleep time in /etc/init.d/ssh during a restart -- Matthew Vernon [EMAIL PROTECTED] Fri, 28 Jun 2002 15:52:10 +0100 przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The same debian - different packages
On Wed, Sep 24, 2003 at 10:08:36PM +0700, Jean Christophe ANDR? wrote: Could you please show us a apt-cache policy ssh on both servers? Here is mine: # apt-cache policy ssh ssh: Installed: 1:3.4p1-1.woody.3 Candidate: 1:3.4p1-1.woody.3 Version Table: *** 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 100 /var/lib/dpkg/status 1:3.4p1-1 0 500 http://ftp.us.debian.org woody/main Packages Here you are: serverA:~# apt-cache policy ssh ssh: Installed: 1:3.4p1-1.woody.3 Candidate: 1:3.4p1-1.woody.3 Version Table: *** 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 100 /var/lib/dpkg/status 1:3.4p1-1 0 500 http://http.us.debian.org woody/main Packages serverB:~# apt-cache policy ssh ssh: Installed: 1:3.4p1-2 Candidate: 1:3.4p1-2 Version Table: *** 1:3.4p1-2 0 100 /var/lib/dpkg/status 1:3.4p1-1.woody.3 0 500 http://security.debian.org woody/updates/main Packages 1:3.4p1-1 0 500 http://http.us.debian.org woody/main Packages We can see the differences. But how to change it ? przemol
Re: The same debian - different packages
On Thu, Sep 25, 2003 at 02:27:01PM +0700, Jean Christophe ANDR? wrote: What do you have in /usr/share/doc/ssh/changelog.Debian.gz? openssh (1:3.4p1-2) unstable; urgency=high * Get a security-fixed version into unstable * Also tidy README.Debian up a little -- Matthew Vernon [EMAIL PROTECTED] Fri, 28 Jun 2002 17:20:59 +0100 openssh (1:3.4p1-1) testing; urgency=high * Extend my tendrils back into this package (Closes: #150915, #151098) * thanks to the security team for their work * no thanks to ISS/Theo de Raadt for their handling of these bugs * save old sshd_configs to sshd_config.dpkg-old when auto-generating a new one * tell/ask the user about PriviledgeSeparation * /etc/init.d/ssh run will now create the chroot empty dir if necessary * Remove our previous statoverride on /usr/bin/ssh (only for people upgrading from a version where we'd put one in ourselves!) * Stop slandering Russia, since someone asked so nicely (Closes: #148951) * Reduce the sleep time in /etc/init.d/ssh during a restart -- Matthew Vernon [EMAIL PROTECTED] Fri, 28 Jun 2002 15:52:10 +0100 przemol
The same debian - different packages
I have strange result on two our debian servers - both are woody. The first one (A) has kerenel 2.4.19, the other one (B) - 2.4.22. The A server is almost daily checked against new packages, the B server was upgraded yesterday. Both have the same sources.list But server A: serverA:~# dpkg -l ssh Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii ssh3.4p1-1.woody.3Secure rlogin/rsh/rcp replacement (OpenSSH) While server B: serverB:~# dpkg -l ssh Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii ssh3.4p1-2Secure rlogin/rsh/rcp replacement (OpenSSH) Why the two servers, upgraded from the same server have different ssh packages ? The same is with some other packages, e.g.: xfree86-common przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: The same debian - different packages
On Wed, Sep 24, 2003 at 02:46:44PM +0200, J.H.M. Dassen (Ray) wrote: On Wed, Sep 24, 2003 at 13:04:20 +, [EMAIL PROTECTED] wrote: I have strange result on two our debian servers - both are woody. The first one (A) has kerenel 2.4.19, the other one (B) - 2.4.22. The A server is almost daily checked against new packages, the B server was upgraded yesterday. Both have the same sources.list And /etc/apt/preferences? Sounds like they're using different pinning settings. serverA:~# cat /etc/apt/preferences cat: /etc/apt/preferences: No such file or directory The same on server B. przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
The same debian - different packages
I have strange result on two our debian servers - both are woody. The first one (A) has kerenel 2.4.19, the other one (B) - 2.4.22. The A server is almost daily checked against new packages, the B server was upgraded yesterday. Both have the same sources.list But server A: serverA:~# dpkg -l ssh Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii ssh3.4p1-1.woody.3Secure rlogin/rsh/rcp replacement (OpenSSH) While server B: serverB:~# dpkg -l ssh Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name VersionDescription +++-==-==- ii ssh3.4p1-2Secure rlogin/rsh/rcp replacement (OpenSSH) Why the two servers, upgraded from the same server have different ssh packages ? The same is with some other packages, e.g.: xfree86-common przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 04:13:22PM +0200, Johannes Berth wrote: * [EMAIL PROTECTED] [EMAIL PROTECTED]: SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? You don't want to disable it. Oh, really ?! Are you refering to SSH-2.0 or to OpenSSH_3.4p1 Debian 1:3.4p1-1 ? przemol
ssh banner
Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote: On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 Edit sshd_config find the line with something like Banner /etc/issue.net and set # Banner /etc/issue.net killall -9 sshd przemek:~# grep -i banner /etc/ssh/sshd_config #Banner /etc/issue.net przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? This banner is needed information for a ssh client connecting to your server, therefor you better not disable it. Well, I agree e.g. SSH-2.0. But the rest ? It allow easily recognise what system is the server. przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh banner
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote: On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of the line that says Banner /etc/issue.net or something like that. It is set (commented) by default. przemol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
ssh banner
Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? This banner is needed information for a ssh client connecting to your server, therefor you better not disable it. Well, I agree e.g. SSH-2.0. But the rest ? It allow easily recognise what system is the server. przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote: On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of the line that says Banner /etc/issue.net or something like that. It is set (commented) by default. przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote: On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote: Woody host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 Edit sshd_config find the line with something like Banner /etc/issue.net and set # Banner /etc/issue.net killall -9 sshd przemek:~# grep -i banner /etc/ssh/sshd_config #Banner /etc/issue.net przemol
Re: ssh banner
On Fri, Oct 18, 2002 at 09:42:14AM -0400, Phillip Hofmeister wrote: On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote: host:/home/przemoltelnet 192.168.x.y ssh Trying 192.168.x.y... Connected to 192.168.x.y. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 How can I disable the message ? If you attempt to disable this message your ssh clients will not work. See the SSH rfc in /usr/doc/ssh. You will find that both client and server exchange Verson information as part of the connection establishment/handshake. If version information of ssh protocol - that's ok. But I don't belive that string -OpenSSH_3.4p1 Debian 1:3.4p1-1 is required as part of protocol ;-) You can; however, recompile and get rid of the Debian 1:3.4p1-1 part... Why isn't it done by default ? przemol
