Re: OpenSSH in Woody
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: > Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before > >restarting and left no daemon listening. > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Because potato doesn't get any security upgrades any more. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Re: OpenSSH in Woody
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: > Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before > >restarting and left no daemon listening. > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Because potato doesn't get any security upgrades any more. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
In article <[EMAIL PROTECTED]> you wrote: > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no accessable sh daemon. I did not managed to build the woody pacages on my boxes yet, missing some dependencies and I did not yet find a good aptget archive which still works. IS archive.debian.org supposed to be apt-getable for source and binaries? Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/
Re: OpenSSH in Woody
In article <[EMAIL PROTECTED]> you wrote: > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no accessable sh daemon. I did not managed to build the woody pacages on my boxes yet, missing some dependencies and I did not yet find a good aptget archive which still works. IS archive.debian.org supposed to be apt-getable for source and binaries? Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 09:50:45PM +0200, Francois Sauterey wrote: > Le 13:56 22/09/03 -0400, George Georgalis nous a ?crit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before > >restarting and left no daemon listening. > > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? security updates for potato ended in June (almost four months ago). -- - mdz
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 09:50:45PM +0200, Francois Sauterey wrote: > Le 13:56 22/09/03 -0400, George Georgalis nous a ?crit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before > >restarting and left no daemon listening. > > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? security updates for potato ended in June (almost four months ago). -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Francois Sauterey mailto:[EMAIL PROTECTED] Mon hébergeur ? http://www.ras.eu.org
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 02:32:10PM -0400, Michael Stone wrote: >On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: >>How can I change this setting or control whether future updates create >>the file? > >dpkg-reconfigure ssh > >Mike Stone thanks - -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Re: OpenSSH in Woody
Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : ** Message d'origine ** Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. and what's about ssh/potato ? I don't see any thing about a new upgrade foir ssh in potato ? Francois Sauterey mailto:[EMAIL PROTECTED] Mon hébergeur ? http://www.ras.eu.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone
Re: OpenSSH in Woody
Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. I found this bit of code in /var/lib/dpkg/info/ssh.postinst setup_startup() { start=yes [ -e /usr/share/debconf/confmodule ] && { db_get ssh/run_sshd start="$RET" } if [ "$start" != "true" ] ; then /etc/init.d/ssh stop 2>&1 >/dev/null touch /etc/ssh/sshd_not_to_be_run else rm -f /etc/ssh/sshd_not_to_be_run 2>/dev/null fi } but I don't see the intent of the logic, or why one box would touch the file but the other wouldn't? Ah, must have been in the initial debconf for ssh. but when I do "dpkg --configure ssh" I get: dpkg: error processing ssh (--configure): package ssh is already installed and configured Errors were encountered while processing: ssh Maybe "--force-things" would get around that, but I don't want to regenerate my host keys. How can I change this setting or control whether future updates create the file? // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 02:32:10PM -0400, Michael Stone wrote: >On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: >>How can I change this setting or control whether future updates create >>the file? > >dpkg-reconfigure ssh > >Mike Stone thanks - -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Mon, Sep 22, 2003 at 01:56:14PM -0400, George Georgalis wrote: How can I change this setting or control whether future updates create the file? dpkg-reconfigure ssh Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
Most of my debian installs took the recent ssh updates without a hiccup, but two of them deposited the file /etc/ssh/sshd_not_to_be_run before restarting and left no daemon listening. I found this bit of code in /var/lib/dpkg/info/ssh.postinst setup_startup() { start=yes [ -e /usr/share/debconf/confmodule ] && { db_get ssh/run_sshd start="$RET" } if [ "$start" != "true" ] ; then /etc/init.d/ssh stop 2>&1 >/dev/null touch /etc/ssh/sshd_not_to_be_run else rm -f /etc/ssh/sshd_not_to_be_run 2>/dev/null fi } but I don't see the intent of the logic, or why one box would touch the file but the other wouldn't? Ah, must have been in the initial debconf for ssh. but when I do "dpkg --configure ssh" I get: dpkg: error processing ssh (--configure): package ssh is already installed and configured Errors were encountered while processing: ssh Maybe "--force-things" would get around that, but I don't want to regenerate my host keys. How can I change this setting or control whether future updates create the file? // George -- GEORGE GEORGALIS, System Admin/Architectcell: 646-331-2027< Security Services, Web, Mail,mailto:[EMAIL PROTECTED] Multimedia, DB, DNS and Metrics. http://www.galis.org/george -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: > When is there going to be a patched version of OpenSSH for stable? Sid > got the fixed one (3.6.1p2-9), but there's no fixed version for Stable > on security.debian.org. I've rolled my own version of this. It can be found at http://wolfheart.ro/debian/ssh/ I only compiled it for i386 because that's the only arch I have access to. :-) It's just a backport of the patch applied on 3.6.1p2-9. -- Regards Birzan George Cristian signature.asc Description: Digital signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: > When is there going to be a patched version of OpenSSH for stable? Sid > got the fixed one (3.6.1p2-9), but there's no fixed version for Stable > on security.debian.org. I've rolled my own version of this. It can be found at http://wolfheart.ro/debian/ssh/ I only compiled it for i386 because that's the only arch I have access to. :-) It's just a backport of the patch applied on 3.6.1p2-9. -- Regards Birzan George Cristian signature.asc Description: Digital signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: > When is there going to be a patched version of OpenSSH for stable? Sid > got the fixed one (3.6.1p2-9), but there's no fixed version for Stable > on security.debian.org. > > P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and > CAN-2003-0695 which have already been fixed. As a side note, shouldn't > the changelog.Debian list which vulnerabilities have been addressed? > You can always use www.debian.org/security/crossreferences for this which it is updated even after the packages have been uploaded and thus is much more current than the packages' Changelog. Regards Javi pgpWRyOLLo8NT.pgp Description: PGP signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: > When is there going to be a patched version of OpenSSH for stable? Sid > got the fixed one (3.6.1p2-9), but there's no fixed version for Stable > on security.debian.org. > > P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and > CAN-2003-0695 which have already been fixed. As a side note, shouldn't > the changelog.Debian list which vulnerabilities have been addressed? > You can always use www.debian.org/security/crossreferences for this which it is updated even after the packages have been uploaded and thus is much more current than the packages' Changelog. Regards Javi pgp0.pgp Description: PGP signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? When the CAN is known, it does. The last ssh update was put together before a CAN was selected. Mike Stone
OpenSSH in Woody
When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? -- Regards Birzan George Cristian pgp3B7wognh9q.pgp Description: PGP signature
Re: OpenSSH in Woody
On Sat, Sep 20, 2003 at 06:34:53AM +0300, Birzan George Cristian wrote: P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? When the CAN is known, it does. The last ssh update was put together before a CAN was selected. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
OpenSSH in Woody
When is there going to be a patched version of OpenSSH for stable? Sid got the fixed one (3.6.1p2-9), but there's no fixed version for Stable on security.debian.org. P.S. I'm talking about CAN-2003-0682, not CAN-2003-0693 and CAN-2003-0695 which have already been fixed. As a side note, shouldn't the changelog.Debian list which vulnerabilities have been addressed? -- Regards Birzan George Cristian pgp0.pgp Description: PGP signature