"That which is overdesigned, too highly specific, anticipates outcome; the anticipation of outcome guarantees, if not failure, the absence of grace."
-- William Gibson, All Tomorrow's Parties
OpenSSH updated.

Couple security fixes in OpenSSH 4.2 so it was time to go on an update spree. I have:

  1. breen
  2. gordon
  3. kleiner
  4. citadel
  5. philtered
  6. ghetto
  7. valve
  8. conduit
  9. punchclock
  10. hyperion
  11. gibson
  12. hastur

A few of those are still running 3.6, and OSSH 4.2 hit 3.6 and 3.8 a few days ago, so they were already updated. But overall? 10 minutes to update those hosts (counting cvsup time), manually, with no script (which would be trivial to do).

Nowhere near the number of machines I had while working at DCI, but there I would have just scripted the updates.

And of course now I have to wait for the few Debian boxes I still maintain, whenever the debsec team releases a package... grr.

[root@kleiner]:[~]# cvsup -g /etc/cvs-supfile
[root@kleiner]:[~]# cd /usr/src/usr.bin/ssh
[root@kleiner]:[/usr/src/usr.bin/ssh]# make clean && make depend \
 && make && make install
[root@kleiner]:[/usr/src/usr.bin/ssh]# cp ssh_config sshd_config /etc/ssh
[root@kleiner]:[/usr/src/usr.bin/ssh]# pkill -f /usr/sbin/sshd
[root@kleiner]:[/usr/src/usr.bin/ssh]# /usr/sbin/sshd

If you made changes to the ssh config files you might want to do a little diff action before that cp, since it overwrites whatever is in /etc/ssh.
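One way to do the config copy and restart steps above without clobbering local edits, as an added example that is not part of the original post. It assumes the paths from the session above; the function names, the SRC_DIR, ETC_DIR and SSHD variables and the `.new` staging file are made up for this example, and `sshd -t` is sshd's own test mode.

```shell
#!/bin/sh
# Added example, not from the original post. Paths default to the ones in the
# session above; SRC_DIR, ETC_DIR and SSHD are assumed override variables.
SRC_DIR="${SRC_DIR:-/usr/src/usr.bin/ssh}"
ETC_DIR="${ETC_DIR:-/etc/ssh}"

# install_conf NAME
#   0: installed, or live copy already identical to the new default
#   1: live copy differs; left untouched, new default staged as NAME.new
#   2: new default missing from SRC_DIR
install_conf() {
    new="$SRC_DIR/$1"
    live="$ETC_DIR/$1"
    [ -f "$new" ] || { echo "missing $new" >&2; return 2; }
    if [ ! -f "$live" ]; then
        cp "$new" "$live"
        return 0
    fi
    cmp -s "$new" "$live" && return 0
    # Keep the admin's file; stage the new default beside it for a manual merge.
    cp "$new" "$live.new"
    diff -u "$live" "$live.new" || true
    echo "$live differs; new default staged at $live.new" >&2
    return 1
}

# restart_sshd: replace the running daemon only if the new binary accepts the
# live sshd_config (sshd -t is test mode: parse config, check keys, exit).
restart_sshd() {
    sshd_bin="${SSHD:-/usr/sbin/sshd}"
    if ! "$sshd_bin" -t -f "$ETC_DIR/sshd_config"; then
        echo "sshd -t rejected $ETC_DIR/sshd_config; old daemon left running" >&2
        return 1
    fi
    pkill -f "$sshd_bin"
    "$sshd_bin"
}

# Run with --apply on the host being updated (as root, after make install).
if [ "${1:-}" = "--apply" ]; then
    for f in ssh_config sshd_config; do
        install_conf "$f" || true
    done
    restart_sshd
fi
```

Checking the config before the pkill matters most on a remote box: a daemon that refuses to start after the old one is gone leaves no way back in over ssh.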

And test.

[bda@eos]:[~]$ ssh kleiner
Last login: Mon Sep  5 23:50:48 2005 from
OpenBSD 3.7-stable (GENERIC) #0: Thu Aug 25 16:30:04 EDT 2005

[bda@kleiner]:[~]$ ssh -V
OpenSSH_4.2, OpenSSL 0.9.7d 17 Mar 2004

Teh yay.

September 5, 2005 11:54 PM