
Re: Upgrading OpenSSH without a compiler



Ok, this was a little late last night.

The platform is OpenBSD 3.1 i386.

Sorry,
/marco

----- Original Message -----
From: "Marco Peereboom" <slash@peereboom.us>
To: "Mike Johnson" <mike@enoch.org>; "Joseph W. Shaw II" <mrman@darkside.org>
Cc: <misc@openbsd.org>
Sent: Monday, July 15, 2002 22:07
Subject: Re: Upgrading OpenSSH without a compiler


> So, let me step forward and offer *my* tarball. The ones who don't trust me
> can look at the included source code (for what that's worth!). This is the
> version I am running on my firewall and I survived several attacks.
>
> You can find it at: http://www.peereboom.us/ssh34.tgz
>
> Instructions:
> if /usr/src does not exist do "mkdir /usr/src"
> cd /usr/src
> if /usr/src/usr.bin does not exist do "mkdir /usr/src/usr.bin"
> tar zxvf ssh34.tgz
> cd ssh
> make install
> cp ssh_config sshd_config /etc/ssh
> mkdir /var/empty
>
> Restart sshd with:
> kill -HUP `cat /var/run/sshd.pid`
>
> Have fun.
> /marco
>
> ----- Original Message -----
> From: "Mike Johnson" <mike@enoch.org>
> To: "Joseph W. Shaw II" <mrman@darkside.org>
> Cc: <misc@openbsd.org>
> Sent: Monday, July 15, 2002 22:05
> Subject: Re: Upgrading OpenSSH without a compiler
>
>
> > Joseph W. Shaw II [mrman@darkside.org] wrote:
> >
> > > This strikes at the heart of the problem, at least in my eyes.  It's not
> > > that people aren't willing to provide the packages and patches, it's the
> > > amount of trust people are willing to place in non-OpenBSD team members
> > > providing binary patches/packages.  Obviously the OpenBSD team has better
> > > things to be working on.  Would the OpenBSD team be willing to adopt an
> > > outside volunteer to handle this task so they don't have to and how would
> > > trust in such a person be verified?
> >
> > I'm sure several people would be willing to step forward.  However, I
> > think this has come up before, and I dunno if the OpenBSD team is going
> > to rush out and adopt someone.
> >
> > On the other hand, it's up to the people who plan on trusting to decide.
> > Who do you trust?  Why?  If some individual were to step forward and say
> > 'I've got updated tarballs at ftp://blah.blah.blah/blah signed with my
> > GPG key.  Knock yourself out' would people download them?
> >
> > In the end, there's three options if you don't want to build from source:
> > 1. The OpenBSD team says: we trust Joe Blow
> > 2. Download the packages, verifying their signatures and running with
> > them.
> > 3. Nothing.  Don't upgrade.
> >
> > Mike
> > --
> > "Let the power of Ponch compel you!  Let the power of Ponch compel you!"
> >    -- Zorak on Space Ghost
> >
> > GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
> > GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
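Added example, not part of the original thread or of the posted tarball: a pre-extraction audit for a third-party source archive that the instructions above unpack as root in /usr/src. The function names and the sample archives (built in memory) are constructed for illustration, and the expected top-level directory `ssh` is an assumption taken from the `cd ssh` step.

```python
import io
import stat
import tarfile

EXPECTED_TOP = "ssh"  # assumption: the instructions "cd ssh" after extracting

def audit_tarball(fileobj, expected_top=EXPECTED_TOP):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:  # reads headers only, nothing is extracted
            parts = m.name.split("/")
            if m.name.startswith("/") or ".." in parts:
                findings.append(f"path escapes extraction dir: {m.name}")
            elif parts[0] != expected_top:
                findings.append(f"outside {expected_top}/: {m.name}")
            if m.issym() or m.islnk():
                target_parts = m.linkname.split("/")
                if m.linkname.startswith("/") or ".." in target_parts:
                    findings.append(f"link {m.name} -> {m.linkname}")
            if m.ischr() or m.isblk():
                findings.append(f"device node: {m.name}")
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(f"setuid/setgid bit set: {m.name}")
    return findings

def build_sample(entries):
    """Build a constructed .tgz in memory from (name, mode, linkname) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, linkname in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if linkname:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
            tar.addfile(info)
    buf.seek(0)
    return buf

# Constructed samples: one well-formed archive, one with archive-level tricks.
CLEAN = [("ssh/Makefile", 0o644, None), ("ssh/sshd.c", 0o644, None)]
HOSTILE = [("ssh/Makefile", 0o644, None),
           ("../etc/ssh/sshd_config", 0o644, None),
           ("ssh/helper", 0o4755, None),
           ("ssh/moduli", 0o777, "/etc/master.passwd")]

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("hostile", HOSTILE)):
        print(label, audit_tarball(build_sample(sample)))
```

A clean result only rules out archive-level tricks; `make install` still runs as root whatever the Makefile and source contain, so the trust question raised in the thread remains.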