Sshd fix

Scott Robbins scottro at
Fri Sep 24 08:50:59 PDT 2004

On Fri, Jun 28, 2002 at 06:52:40PM -0600, Scott Gerhardt wrote:
> For the sshd fix, couldn't I just strip the base openssh from the system and
> install the updated openssh-3.4 from the ports?
> If so, what is the best method to disable/eliminate openssh from the base
> system?

This is what I did, and it seems to work. (I'd be grateful if someone
pointed out anything I did wrong.  Part of it was gotten from a post
by someone else, and the rest I figured out, for better or worse, on
my own.)

cvsup ports to make sure you have 3.4.
Make install.
Edit /etc/rc.conf
Change enable_sshd="YES" to a "NO"
add the line
In /usr/local/etc/rc.d you'll find that it's put a script called  Rename that to

You've probably seen the various advisories that suggest taking the
ChallengeResponse line and changing it to no  (and uncomment it as

Lastly, until I renamed /usr/sbin/sshd, it kept giving me the old
version number--so, stop sshd, and rename /usr/sbin/sshd to something
else. Then, start the new one 

This seems to work.

Scott Robbins
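
A check for the ChallengeResponse step above, as an added example that is not part of the original post: it reports the ChallengeResponseAuthentication value an sshd_config file actually puts into effect, since a line that is still commented out changes nothing. The function names are hypothetical, the config path is passed as an argument, and the fallback of "yes" when the keyword is absent is an assumption about the OpenSSH default of that era.

```shell
#!/bin/sh
# Added example, not from the original post.

# effective_challenge_response FILE
# Prints the value sshd would use for ChallengeResponseAuthentication.
# sshd_config rules applied here: lines starting with '#' are comments,
# keywords are case-insensitive, and the first value read for a keyword wins.
effective_challenge_response() {
    awk '
        /^[ \t]*#/ { next }    # commented-out line has no effect
        tolower($1) == "challengeresponseauthentication" {
            print $2           # first occurrence is the effective one
            found = 1
            exit
        }
        END { if (!found) print "yes" }   # assumed default when unset
    ' "$1"
}

# challenge_response_disabled FILE
# Succeeds only when the effective value is exactly "no".
challenge_response_disabled() {
    [ "$(effective_challenge_response "$1")" = "no" ]
}

# Demo on constructed sample files (not taken from a real system):
# "before" has the line still commented out, "after" has it edited.
tmp=$(mktemp -d)
printf '#ChallengeResponseAuthentication yes\n' > "$tmp/before"
printf 'Port 22\nchallengeresponseauthentication no\n' > "$tmp/after"
for f in before after; do
    if challenge_response_disabled "$tmp/$f"; then
        echo "$f: challenge-response disabled"
    else
        echo "$f: challenge-response still enabled"
    fi
done
rm -rf "$tmp"
```

Point the function at the sshd_config that the running sshd binary reads; the post's note about the old version number applies to configuration files as well as binaries.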

More information about the freebsd-questions mailing list