Kurt Seifried, [email protected]
Red Hat will not be issuing OpenSSH 3.4 packages for Red Hat 7.x (can't say that I blame them, customer support would be a nightmare). Unfortunately I really wanted OpenSSH 3.4 on my server systems (privsep, all the bug fixes, etc.). I modified the Red Hat spec file slightly; you will need that, the source RPM from Red Hat, and the source code for OpenSSH 3.4 portable. I have disabled askpass/gnome stuff; this is aimed at servers, not clients.
You will need the following three files to build the rpms:
wget http://seifried.org/security/os/linux/redhat/seifried-redhat-openssh.spec
wget ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-6.src.rpm
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz
The spec file is available here.
Install the source rpm, source code and spec file to /usr/src/redhat/*:
rpm -Uvh openssh-3.1p1-6.src.rpm
cp openssh-3.4p1.tar.gz /usr/src/redhat/SOURCES/
cp seifried-redhat-openssh.spec /usr/src/redhat/SPECS/
cd /usr/src/redhat/SPECS/
Then simply use "rpm -ba" to build the source file and binary files:
rpm -ba seifried-redhat-openssh.spec
After it has compiled you should have the following four files:
/usr/src/redhat/RPMS/i386/openssh-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-clients-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-server-3.4p1-1.i386.rpm
/usr/src/redhat/SRPMS/openssh-3.4p1-1.src.rpm
Installing the new RPMs:
Copy them to the system you wish to update and issue the "rpm -F" command:
rpm -Fvh *ssh*3.4*
It will not overwrite sshd_config or ssh_config; you will probably need to edit and copy the .rpmnew ones if you've done any tweaking. Please for the love of all that is holy DO NOT DEPLOY ON REMOTE PRODUCTION SERVERS UNTIL YOU HAVE TESTED IT ON A LOCAL MACHINE. I cannot stress this enough. If it breaks I'll let you keep all the pieces. Enjoy.
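One way to see what needs merging from the .rpmnew files before restarting sshd on the test machine. This is an added example, not part of the original page or the spec file. The script name check_rpmnew.sh, the function names and the sample file contents are assumptions made for illustration.

```shell
# Added example (not from the original page): after "rpm -Fvh", list the
# keywords found in each *.rpmnew file but absent from the live config.

# Print the sorted, lower-cased keywords of config file $1. Commented defaults
# written as "#Keyword value" count; "# prose" comments and blanks do not.
config_keywords() {
    sed -n 's/^[[:space:]]*#\{0,1\}\([A-Za-z][A-Za-z0-9]*\)[[:space:]][[:space:]]*[^[:space:]].*$/\1/p' "$1" |
        tr 'A-Z' 'a-z' | sort -u
}

# Keywords present in the new file ($2) but missing from the live file ($1).
missing_keywords() {
    live_kw=$(mktemp) && new_kw=$(mktemp) || return 1
    config_keywords "$1" > "$live_kw"
    config_keywords "$2" > "$new_kw"
    comm -13 "$live_kw" "$new_kw"
    rm -f "$live_kw" "$new_kw"
}

# Check every *.rpmnew in directory $1; return 1 if any keyword needs merging,
# so the result can gate a restart of sshd.
check_rpmnew() {
    dir=$1 status=0
    for new in "$dir"/*.rpmnew; do
        [ -f "$new" ] || continue
        live=${new%.rpmnew}
        missing=$(missing_keywords "$live" "$new")
        if [ -n "$missing" ]; then
            echo "$live lacks: $(echo $missing)"
            status=1
        fi
    done
    return $status
}

# Constructed sample files (not real Red Hat configs) to show the output.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'Port 22\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
    printf '#Port 22\nPermitRootLogin yes\nUsePrivilegeSeparation yes\n' \
        > "$demo_dir/sshd_config.rpmnew"
    check_rpmnew "$demo_dir"; rc=$?
    rm -rf "$demo_dir"
    return $rc
}

# Usage: sh check_rpmnew.sh /etc/ssh   (or "demo" for the constructed sample)
if [ "${1:-}" = demo ]; then demo; elif [ -n "${1:-}" ]; then check_rpmnew "$1"; fi
```

A keyword that shows up here, such as the privsep setting, exists only in the packaged file until it is merged into the live config by hand.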
This has got to be one of the worst and best features about Red Hat Linux 7.2. My first major complaint would be the lack of Postfix. Not only did they fail to ship it on the CD, they failed to include it in anything like powertools online. To make matters worse the Postfix RPM from 7.1 does not work properly as it expects older libraries, although you should be able to get it working with some effort. But instead of doing all that I thought I would give Sendmail a chance, I haven't used it in approximately 2-3 years, and it has been audited (very few remote root hacks in the last few months, although there were some local root hacks). There are several significant problems with the default sendmail configuration and scripts that manage it.
Last updated 1/7/2002
Copyright Kurt Seifried 2002