[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] SuSE 7.0 "Backport" for OpenSSH RPM (was: Re: [suse-security] SuSE Security Announcement: openssh (second release) (SuSE-SA:2003:039))



* Roman Drahtmueller wrote on Thu, Sep 18, 2003 at 20:23 +0200:
>     SuSE-7.2:
>     source rpm(s):
>     ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openssh-2.9.9p2-156.src.rpm
>       98b8b7281fe04aab8c8838adcf195697

Hiya,

I made a backport SSH-RPM for SuSE 7.0 and write here some
upgrade instructions just in case someone else also has some 7.0
installations around there.

First, make sure you understood that this comes without any
warranty or anything, is provided AS-IS, is completely unofficial
of course which means that is has nothing to do with SuSE, and
even may not work at all for you. Prefer upgrading your system
if you have the chance!

I assume you have only remote access to the 7.0 installation
(otherwise, update locally to 8.2 :-)). Make sure you have an
official openssh.rpm on the machine in case you need to downgrade
after errors.

First, it is required to set up a SSH daemon that will survive
the restart to assure you can connect after upgrade :-)

As "startproc" isn't the smartest tool on 7.0, let's try this:

$ cp /usr/sbin/sshd /usr/sbin/emerg.sshd
$ /usr/sbin/emerg.sshd -p 27

Now connect on *another* xterm to the server by ssh, passing "-p
27". Make sure this backup works before continuing or
disconnecting the prot 22 shell! If your firewall block port 27,
choose another, maybe 25, 80 or 443 if unused or something
greater that 1024 - or adjust your firewall.

Do not continue if you don't have a SSH connection on a port
different from 22 via a binary which name doesn't *start* with
"/usr/sbin/sshd"!

Now upgrade the rpm from the shell opened on port 27 (!):

$ rpm -Uhv openssh-2.9.9p2-156.i386.rpm 

(Do not forget to pray from this point on, it may help)

Make sure the file /etc/rc.d/sshd exists. It seems that RPM makes
the backup-rename of the startscript after upgrading (or whatever).

If it does not exists, just try again with force:

$ rpm -Uhv --force openssh-2.9.9p2-156.i386.rpm

Now - make sure you're using emerg.sshd on port 27 - execute the
two commands:

$ killall sshd
$ rcsshd start

Check if you can connect to the new port 22 sshd by using ssh
without the -p option.

Finally (from a port 22 shell):

$ killall emerg.sshd 
$ rm /usr/sbin/emerg.sshd

Verify that anything is fine and working.

You now may stop praying and thank the lord :-)

You can find the RPM here:

http://sws.dett.de/tmp/openssh-2.9.9p2-156.i386.rpm
  (source: http://sws.dett.de/tmp/openssh-2.9.9p2-156.src.rpm)

oki,

Steffen

-- 
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here