Ben Rosenberg wrote:
* Michael D. Schleif (mds@helices.org) [020929 16:25]: :: ::I am very frustrated. An associate installed SuSE on a server to which ::I am remotely ssh'd. :: ::I cannot find adequate documentation for yast/yast2 anywhere. In fact, ::there is *NO* man yast2 !?!? :: ::I don't know why this box -- supposedly patched and fully updated by my ::associate -- is running sshd and openssl through which every script ::kiddie can skip; but, I also cannot figure out how to upgrade this beast
If your associate has patched this machine with the most current patches then a "script kiddie" can no more skip through that box then a normal use can. Do not mistake the version number of OpenSSL as an invite to run rampant through the system. SuSE patches the current version number that came with the CD's, so if the 8.0 system had 0.9.6c come with it then they would patch that version and release new packages of the same number. Make no mistake that this is insecure. SuSE does this as not to break many other things that come with the system such as ALL of KDE and many other packages. They don't wish to release 100's of rebuilt pkgs just because one pkg that the others use is broken. If your associate has any clue about security then he has setup privsep and run's all of the ssh connections in a chrooted environment which is the prudent thing to do. OpenSSH and OpenSSL are not at issue here. The air between the keyboard and the chair are. A compitant admin keeps abreast of what's going on and tries to keep the system safe as possible. Nothing is sure fire as far as security accept removing the CDROM, Floppy drive, network cable and basically shutting the machine off. If there is a problem then a cracker will find it. But keeping up on such things makes it a little bit better.
<snip /> All else said and done, can you suggest a way that I can use YOU from a remote ssh session? What can I do to resolve these errors? How can I use YOU? This all seems terribly difficult, especially compared to debian and apt . . . -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .