Updating OpenSSH from source
Konstantin Riabitsev
yellowdog-general@lists.terrasoftsolutions.com
Wed Jun 26 15:36:02 2002
On Wed, 2002-06-26 at 17:18, Christopher Murtagh wrote:
>
> Here are simple instructions on how to update OpenSSH to the most
> recent version (for those of us who do this sort of thing of course :-).
> Updating to openssh-3.4 is *strongly* recommended, whether you do it via
> source or RPM as there has been a vulnerability found that can lead to a
> root compromise.
Notably, Red Hat and YellowDog Linux are not affected.
This vulnerability only exists if s/key auth or BSD_AUTH is enabled
during compile time, which it isn't for RHL/YDL.
If you feel ultra-paranoid, add these lines to your /etc/ssh/sshd_config:

    ChallengeResponseAuthentication no

Although I've just looked at the openssh.spec in ydl-2.2 and s/key is
NOT enabled, so there is no reason to panic. Upgrade whenever a new
package is available.
Regards,
--
0> Konstantin ("Icon") Riabitsev
/ ) Duke University Physics Sysadmin
~ www.phy.duke.edu/~icon/pubkey.asc
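
A check for the sshd_config setting suggested in the message above, as an added example that is not part of the original post. The function names are hypothetical, the sample config is constructed, and the script assumes the directive defaults to "yes" when absent; it shows that an earlier uncommented line overrides a later "no".

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# effective_cra FILE: print the value sshd would use for
# ChallengeResponseAuthentication from the given sshd_config.
effective_cra() {
    awk '
        # Blank lines and comment lines carry no settings.
        NF == 0 || $1 ~ /^#/ { next }
        # Only global settings are considered; later OpenSSH releases add
        # conditional "Match" blocks, which this check does not evaluate.
        tolower($1) == "match" { exit }
        # Keywords are case-insensitive and the first occurrence wins.
        tolower($1) == "challengeresponseauthentication" {
            print $2; found = 1; exit
        }
        # Assumption: the compiled-in default is "yes" when the line is absent.
        END { if (!found) print "yes" }
    ' "$1"
}

# cra_disabled FILE: succeed only if the effective value is "no".
cra_disabled() {
    [ "$(effective_cra "$1")" = "no" ]
}

# Constructed sample: a "no" appended after an earlier "yes" has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's config
Port 22
#ChallengeResponseAuthentication no
challengeresponseauthentication yes
ChallengeResponseAuthentication no
EOF
if cra_disabled "$sample"; then
    echo "challenge-response auth is disabled"
else
    echo "challenge-response auth is still enabled: $(effective_cra "$sample")"
fi
rm -f "$sample"
```

Run `cra_disabled /etc/ssh/sshd_config` after editing the file and before restarting sshd.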