Ray Curtis wrote:
>
> >>>>> "sm" == Scott Merritt <[EMAIL PROTECTED]> writes:
>
> sm> Mine are still there which confuses me... I'm wondering if they
> sm> removed/moved them to a new location because I'm not sure where they're
> sm> supposed to live :)
>
> The latest updates for openssh, openssh-2.5.2p2-1.7, should have just
> renamed the old config files and saved them in /etc/ssh.

On our servers, RPM did not overwrite our existing configurations but
rather created *.rpmnew files. Unfortunately, it nonetheless looks like
SSH is now officially broken... the symptoms are:

- If you /etc/rc.d/init.d/ssh restart, it will boot you and not restart
- If you at that point telnet in (yuck) and /etc/rc.d/init.d/ssh start,
  it works
- If you are ssh'd in and /etc/rc.d/init.d/ssh stop it will kill the
  daemon, leave your connection alone, but when you /etc/rc.d/init.d/ssh
  start again sshd will not start
- RSA/DSA authentication does not work/is ignored. You can still use
  ssh to ssh into other systems before the upgrade which accept RSA/DSA
  authentication, however ssh'ing into an upgraded system does not work...
  despite proper configs
- There are no doubt others I've not encountered yet

Aren't we using Linux for stability and reliability here? Geez, I'm so
****in' tired of Red Hat releasing security updates to packages which
break the packages, cause a ripple effect in services you're trying to
provide in a production environment, and the rant lives on. Sure you
should test such updates before unleashing them in a production
environment, but let's face it. The reality is we have to upgrade
before the script kiddies get a hold of the new exploits and can't risk
the time to do thorough testing before installing patches :( I very
much hope RH reviews its security patch review process.
--
-Fred Whipple
iMagine Internet Services
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list