On Mon, 19 Jul 2004, Ray Seals wrote:
> I just ran a Nessus scan against one of my machines. The scan triggered
> on a version of ssh older than 3.7.1.
It's a false positive. Nessus just checks the version number, it doesn't
try to exploit the vulnerability to find if the system is indeed
vulner
Ray Seals <[EMAIL PROTECTED]> wrote:
> I just ran a Nessus scan against one of my machines. The scan triggered
> on a version of ssh older than 3.7.1.
>
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1. I'm
> looking for the best way to upgrade this. Can I just install and run
> '
Well if you realy want the latest openssh install openssh from ports
(portinstall openssh or portinstall openssh-portable) you will have
to use portable to build with pam if I remember rightly.
The version in the base system does not actualy have the vulnerability
Nessus is refering to as it wa