Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] SuSE Security Announcement: openssh (SuSE-SA:2001:045) (re-released SuSE-SA:2001:044)
  • From: engelbert.gruber@xxxxxxxxx
  • Date: Fri, 7 Dec 2001 09:10:32 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0112070849520.8638-100000@xxxxxxxxxxxxxxx>
On Fri, 7 Dec 2001, Roman Drahtmueller wrote:

> >
> > any chances to use this package on an old Suse 6.0 system ? (I have no physical access
> > to the server, so I'd rather not try remotely before I'm sure... :)
> >
>
> You can try it out, and I wonder how far you get. Without a recompile I
> guess that it won't work, and I wouldn't want to try it out.
>
> But: You can always install the source rpm and try to add the patches
> included (especially the UseLogin patch:
> openssh-2.9.9p2.uselogin-security-patch.dif). If the recompile works, then
> you still can run the new daemon on a different port for testing.
>
> compiled/source/sshd -p 24
>
> ssh server -l remoteuser -p 24
>
> or whichever port you wish.

DANGER:
as far as i can remeber rpm -ba (build all) might also do an install
on newer rpms the installation might be not in root but if it is
the old ssh is overwritten.

so maybe get the current ssh installation save it to some place
and run sshd on another port.

should one rename sshd so killall could not find it ?

and for working i made a ssh connection from the server
to my workstation with an telnet tunnel back to the
server, this requires only the ssh1 binary from the server
in some directory (but i had a safety net, a man close to the machine).

--
--- Engelbert Gruber ----=~
SSG Fintl,Gruber,Lassnig

A6410 Telfs Untermarkt 9
Tel. ++43-5262-64727 ----=~


< Previous Next >
Follow Ups
References