[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RaQ3-RaQ4-OpenSSH-3.4p1-1.pkg
- Subject: Re: [cobalt-security] RaQ3-RaQ4-OpenSSH-3.4p1-1.pkg
- From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Jun 2002 16:32:03 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Don't install a program or library that has anything to do with
> running processes. The results can be ugly. Don't ask me how I
> know.
>
> 1) Download and compile new version of OpenSSH
>
> 2) Update config file for new version, if needed
>
> 3) From within /path/to/openssh-src
>
> ./sshd -p 55555
>
> 4) Log in to your server on port 55555
>
> 5) If it works, your new sshd is good
>
> 6) Terminate all copies of sshd running on port 22
>
> 7) Install the new copy
>
> cd /path/to/openssh-src
> make install
>
> 8) Start sshd on port 22, as would happen during boot
>
> 9) Log in via ssh on port 22
>
> 10) Terminate all copies of sshd running on port 55555.
>
> In short, start a copy of new sshd using port perversion. If it
> works, kill the old sshd (port 22), and start your new sshd on
> the proper port. Kill the new sshd on port 55555, and you're in
> good shape.
>
> Nothing special about 55555, except it's in a region that's "off
> limits" for normal servers.
Hey Eddy,
Thanks for this! Up until now I've been doing the old enable telnet and only
allow it for my IP routine. Sorry for leaving most of your post intact, but
I felt it was _good_ for the archives. Anyhow, thanks again and thanks to
all the others with helpful hints. Now, if only I could get the new OpenSSH
release to compile on my poor old Raq2's.
regards,
Jay
--
http://www.bizmanuals.com