RE: [suse-security] Where are ssh,sshd packages?
Hi Brett go to yast, start installation (3rd point from above) and go to section sec(urity) . There you'll find all ssh stuff. cheers, Philipp
Can anyone tell me where to find the rpms for sshd, ssh?
I see reference to ssh on the web site. But I cannot find sshd and ssh on my six 7.0 professional CDs anywhere, or on a web site.
The Mandrake openssh-2.1.1 and ssh-1.2.2.7 sshd do not allow logins.
Thanks. Brett
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
go to yast, start installation (3rd point from above) and go to section sec(urity) . There you'll find all ssh stuff.
cheers, Philipp
Can anyone tell me where to find the rpms for sshd, ssh?
I see reference to ssh on the web site. But I cannot find sshd and ssh on my six 7.0 professional CDs anywhere, or on a web site.
The Mandrake openssh-2.1.1 and ssh-1.2.2.7 sshd do not allow logins.
Thanks. Brett
If you have the US version of the SuSE-7.0, then the crypto stuff isn't
on the CDs. Get the packages from
ftp://ftp.suse.de/private/draht/
You might not want to use the openssh package because it has a small
security problem that has been published yesterday. We will see an
update/advisory soon about the issue.
The packages are there because they fix some small bugs that are present
in the original 7.0 version.
Roman.
--
- -
| Roman Drahtmüller
Moin Roman! thanks for the updates. a question: are the small bugs in the original 7.0 version related to issues of compatibility between openssh and ssh2.3.0? i began updating my ssh servers to ssh 2.3.0 yesterday, and now my suse clients running the openssh 2.1.1 clients from the 7.0 dist. fail to connect with an HMAC error. -- michael Roman Drahtmueller schrieb am Dienstag, den 14. November 2000:
If you have the US version of the SuSE-7.0, then the crypto stuff isn't on the CDs. Get the packages from
ftp://ftp.suse.de/private/draht/
You might not want to use the openssh package because it has a small security problem that has been published yesterday. We will see an update/advisory soon about the issue.
The packages are there because they fix some small bugs that are present in the original 7.0 version.
Roman.
--
Moin Roman!
thanks for the updates. a question: are the small bugs in the original 7.0 version related to issues of compatibility between openssh and ssh2.3.0? i began updating my ssh servers to ssh 2.3.0 yesterday, and now my suse clients running the openssh 2.1.1 clients from the 7.0 dist. fail to connect with an HMAC error.
-- michael
Hmmm. I don't know what kind of bug that is... I don't use openssh because
it tends to crash every once in a while, and I can't debug these things
because of too many security problems these days. The bugs in the two
packages on my directory are 7.0-related bugs: Both packages were not
compiled with libwrap.a (tcp-wrappers). So the advisory will cover three
issues with two packages: missing libwrap, a small unnecessary tmp file
race condition, the openssh bug. *sigh*
Roman.
--
- -
| Roman Drahtmüller
On Tue, 14 Nov 2000 15:38:11 +0100 (MET), you wrote:
Hmmm. I don't know what kind of bug that is... I don't use openssh because it tends to crash every once in a while, and I can't debug these things
Which is the recommended solution for administering remotely machines? Which version? What's the solution you use if you don't like SSH?? :? I'm currently using: SSH-1.5-OpenSSH-1.2.2 (the .rpm is "openssh-1.2.2-30", from SuSE 6.4). I know this version has a not extremely severe bug, at least for those like me who doesn't use scp ;-) Is it secure for me, isn't it? (I'm not using scp at all). Another question: in my SuSE 6.4 there are two SSH packages: the Open* and the * :) Which would you recommend and why?? Summarizing, which is the best solution for remote administration (=shell)? (program & version wanted). Thanks. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Which is the recommended solution for administering remotely machines? Which version? What's the solution you use if you don't like SSH?? :?
What I can recommend: Use ssh-1.2.27, disable x11-forwarding and agent-forwarding per default and enable it only to servers that you trust. Don't scp to/from untrusted machines. The version that is on 7.0 is ok.
I'm currently using: SSH-1.5-OpenSSH-1.2.2 (the .rpm is "openssh-1.2.2-30", from SuSE 6.4). I know this version has a not extremely severe bug, at least for those like me who doesn't use scp ;-) Is it secure for me, isn't it? (I'm not using scp at all).
Another question: in my SuSE 6.4 there are two SSH packages: the Open* and the * :) Which would you recommend and why??
Summarizing, which is the best solution for remote administration (=shell)? (program & version wanted).
Thanks.
Roman.
--
- -
| Roman Drahtmüller
participants (4)
-
Michael Galloway
-
Philipp Snizek
-
Roman Drahtmueller
-
RoMaN SoFt / LLFB!!