-- William Gibson, All Tomorrow's Parties
Couple security fixes in OpenSSH 4.2 so it was time to go on an update spree. I have:
A few of those are still running 3.6, and OSSH 4.2 hit 3.6 and 3.8 a few days ago, so they were already updated. But overall? 10 minutes to update those hosts (counting cvsup time), manually, with no script (which would be trivial to do).
Nowhere near the number of machines I had while working at DCI, but there I would have just scripted the updates.
And of course now I have to wait for the few Debian boxes I still maintain, whenever the debsec team releases a package... grr.
[root@kleiner]:[~]# cvsup -g /etc/cvs-supfile [root@kleiner]:[~]# cd /usr/src/usr.bin/ssh [root@kleiner]:[/usr/src/usr.bin/ssh]# make clean && make depend \ && make && make install [root@kleiner]:[/usr/src/usr.bin/ssh]# cp ssh_config sshd_config /etc/ssh [root@kleiner]:[/usr/src/usr.bin/ssh]# pkill -f /usr/sbin/sshd [root@kleiner]:[/usr/src/usr.bin/ssh]# /usr/sbin/sshd
If you made changes to the ssh config files you might want to do a little diff action.
[bda@eos]:[~]$ ssh kleiner Last login: Mon Sep 5 23:50:48 2005 from 188.8.131.52 OpenBSD 3.7-stable (GENERIC) #0: Thu Aug 25 16:30:04 EDT 2005
[bda@kleiner]:[~]$ ssh -V
OpenSSH_4.2, OpenSSL 0.9.7d 17 Mar 2004