Ben => Thank you, for your participation. No, my associate has very little idea what he is doing. Also, I think that you are mistaken in your assumptions of our system: # head /var/lib/YaST/update.inf # /var/lib/YaST/update.inf -- (c) 2001 SuSE GmbH # Basesystem: SuSE-Linux-SLES-i386-7.2.0#0 DefaultInstsrcFTP: ftp.suse.com:/pub/suse/i386/current ftp.gwdg.de:/pub/linux/suse/i386/current ftp.uni-freiburg.de:/pub/linux/suse PTFcrstsnItluafed: DefaultSrcPatchFTP: ftp.suse.com:/pub/suse/i386/update/7.2 Distribution_Name: SuSE-Linux-SLES-i386 # find / | grep lib | grep -i openssl /usr/share/doc/packages/openssl-doc/ssl/SSL_library_init.pod /var/lib/YaST/patches/i386/update/7.2/patches/openssl-5395.20020929.installed /var/lib/YaST/patches/i386/update/7.2/sec1/openssl-0.9.6a-69.i386.rpm /var/lib/YaST/patches/i386/update/7.2/d2/openssl-devel-0.9.6a-69.i386.rpm /var/lib/YaST/patches/i386/update/7.2/doc3/openssl-doc-0.9.6a-69.i386.rpm # sshd -v sshd: illegal option -- v sshd version OpenSSH_2.9.9p2 Please, straighten me out . . . Ben Rosenberg wrote:
* Michael D. Schleif (mds@helices.org) [020929 16:25]: :: ::I am very frustrated. An associate installed SuSE on a server to which ::I am remotely ssh'd. :: ::I cannot find adequate documentation for yast/yast2 anywhere. In fact, ::there is *NO* man yast2 !?!? :: ::I don't know why this box -- supposedly patched and fully updated by my ::associate -- is running sshd and openssl through which every script ::kiddie can skip; but, I also cannot figure out how to upgrade this beast
If your associate has patched this machine with the most current patches then a "script kiddie" can no more skip through that box then a normal use can. Do not mistake the version number of OpenSSL as an invite to run rampant through the system. SuSE patches the current version number that came with the CD's, so if the 8.0 system had 0.9.6c come with it then they would patch that version and release new packages of the same number. Make no mistake that this is insecure. SuSE does this as not to break many other things that come with the system such as ALL of KDE and many other packages. They don't wish to release 100's of rebuilt pkgs just because one pkg that the others use is broken. If your associate has any clue about security then he has setup privsep and run's all of the ssh connections in a chrooted environment which is the prudent thing to do. OpenSSH and OpenSSL are not at issue here. The air between the keyboard and the chair are. A compitant admin keeps abreast of what's going on and tries to keep the system safe as possible. Nothing is sure fire as far as security accept removing the CDROM, Floppy drive, network cable and basically shutting the machine off. If there is a problem then a cracker will find it. But keeping up on such things makes it a little bit better.
You can find documentation on YaST2 and it's modules here. What you use to access them is a simple web browser or the help tool that comes with SuSE.
The html files are here.
/usr/share/doc/packages
I would suggest using the SuSE Help Centre to get the information you desire.
What I would do is this. SSH to the machine in question and display the helpcentre through an encrypted ssh tunnel. Then run through documents you wish to see.
By default SuSE's install of ssh doesn't do ssh X forwarding so you will have to do this..
ssh -X user@domain
Then you should be able to execute the help system executable to have it displayed on your own system. The executable is "susehelpcenter". If your running Windows or something else to access the system you will need an X server to do this.
-- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .