On Fri, May 04, 2001 at 01:48:39PM -0700, Nate Amsden wrote:

> md5 passwords are only needed if you installed them. the potato install
> asks you "should i enable md5 passwords?". if you did not then that option
> would break. and potatoheads like me (i run about 2 dozen potato systems)
> use the ssh that comes with it.

Ah, you're right about that. I remember the query. 

> you may be able to get the openssh from woody or unstable and rebuild it
> from source to get debs. but i like how potato is stable even if it means
> running outdated software.

The only more recent Openssh available as a .deb is a very early
2.0-something, and there was a serious security concern about anything
before 2.3-something. There are also security reasons to want to run ssh2
rather than ssh1. 

Stable is really good (the security of the system not going down), but
security is too. Anything behind the firewall, I want stable and a good
distro version is enough; anything exposed through it, I want the latest
stable release - and if the distro won't provide that, I go to tar. Ssh is
exposed because I do a lot of remote administration.

The problem here may be that the Openssh configure deduces that you've got
PAM/md5 if-and-only-if you've got the header files for PAM development, and
Debian doesn't view development packages as necessary dependencies. IMHO, if
you ask for md5, Debian should install the development file too or force you
to choose to skip it. Or it could ask, "Will you ever compile anything from
tar on this system?" and respond to "Y" by installing all development
libraries for base packages. Despite its other shortcomings, Red Hat isn't
so stingy with libraries on a default install, so stuff like Openssh
self-configures just fine.

Whit
