Nessus scan of FreeBSD 5.2.1 shows old version of ssh
Vince
jhary at unsane.co.uk
Mon Jul 19 12:38:57 PDT 2004
Well if you realy want the latest openssh install openssh from ports
(portinstall openssh or portinstall openssh-portable) you will have
to use portable to build with pam if I remember rightly.
The version in the base system does not actualy have the vulnerability
Nessus is refering to as it was patched umm 2003-10-05
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:15.openssh.a
sc
In terms of gotchas there arent many,
Read /usr/ports/security/openssh(-portable)/pkg-message
And unless you use the OPENSSH_OVERWRITE_BASE option I think you may have to
manualy move your existing hostkeys to /usr/local/etc and re-edit the new
Config files (I could be wrong here as it's a while since I bothered
changing from the version in base)
Vince
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Ray Seals
> Sent: 19 July 2004 18:15
> To: freebsd-questions at FreeBSD.org
> Subject: Nessus scan of FreeBSD 5.2.1 shows old version of ssh
>
> I just ran a Nessus scan against one of my machines. The
> scan triggered on a version of ssh older than 3.7.1.
>
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.
> I'm looking for the best way to upgrade this. Can I just
> install and run 'portupgrade' on SSH? What are some of the
> "gotcha" points on doing this?
>
> --
> Ray Seals <rseals at vdsi.net>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list