Re: Portable openssh.

From: Neil Horman (
Date: 10/03/03

Date: Fri, 03 Oct 2003 09:08:32 -0400

Gladiator wrote:
> I hope someone can help me to understand one thing. :)
> Whats the difference between openssh from RedHat and from
> I have installed a portable openssh 3.5p1-1.rpm on RedHat 7.3 and it was a
> year ago.
> Now I want to update the latest openssh with openssh-3.1p1-14.i386.rpm frn
> RedHat Network.
> If you look at the version number it lower then the one I have installed, am
> I upgrading or downgrading?
> Whats the difference? Could anyone tell me or give a tips on a websites that
> have this information for a newbie like me.
> I did install the openssh-3.1p1-14.i386.rpm anyway on my server and it did
> install new sshd_config.rpmnew.
> But I restarted sshd without changing the sshd_config and I got following
> errors on these options:
> UsePrivilegeSeparation
> KerberosAuthentication
> KerberosOrLocalPasswd
> KerberosTicketCleanup
> Is my server more secure after the upgrade?
> Billy
Why did you install an openSSH rpm from Red Hat 9 on a 7.3 system?
Regardless, version wise this new package does two things for you. The
patch level includes security fixes as recently as (I think) last month,
so on the whole your system is more secure. However, since it is an
older version than what you currently have, its missing some more recent
features, hence the sshd_config errors you're seening above.

My recommendation: Either 1) reconfig sshd to use the 3.1p14 package and
don't install rpms from other relases in the future, or 2) if you want
the latest and greatest and can do without Red Hat support, just compile
the thing yourself from every time an errata is released
(about once a week these days :) )


  *Neil Horman
  *Software Engineer
  *Red Hat, Inc.,
  *gpg keyid: 1024D / 0x92A74FA1