I built a file server that I wanted to be accessible only by ssh. I had a security scan done to check for holes and was told that I needed to upgrade my ssh (openssh) from version 3.6.7 to the latest (3.9.1).
I have tried this and when I do a "ssh -V", it says that it is the new version, but when I requested a second security scan, it came back with the same security hole and the same old openssh version, 3.6.7. How do I install and/or upgrade openssh so that the new version takes over and is functional? Are there step by step instructions that I could look at on this? I just want to plug a hole ("sigh".... :-(

If you didn't restart the sshd server yourself, the old version may still be running. The only other possibility I can think of is that the installation you tried failed, but then you would've seen some sort of error message.

Thanks for the input Wolfbone. I decided to try a different route to this problem. I was able to find the openssh-.3.9.1p-i386.rpm beta from the redhat site and download it. I put it in a separate directory and executed the rpm installation for that directory. It went through the “Preparing systems update” procedure and did a check for package dependencies. Thought I was in the clear but then it came back with “Packages not found”; basically stating that the installation could not continue because the following packages could not be found and would only do so when the following packages were installed on my system:
Package: Required by:
Libselinux (“openssh,3,9p1.3)
Libselinux.so.1 (“openssh,3,9p1.3)
Openssh (openssh-client‘3,6.1p2.33.30.1)
Openssh (openssh-server ‘3,6.1p2.33.30.1)
NOW then! If I do a “ssh -V”, the version of ssh that comes back is “Openssh _3.9.1p”, BUT, if I do a “rpm -qa | grep ssh”, I get the following info:
Openssh-3.6.1p2.33.30.1
Openssh server-3.6.1p2.33.30.1
Openssh client-3.6.1p2.33.30.1
What happened!?!? What have I done here?!?

I don't know - unless you've somehow managed to get a copy of the new ssh client binary onto your system, 'ssh -V' should match the rpm version. You'd better try removing all the openssh packages, make sure they've really gone, then install the new ones, including any new dependencies like libselinux that they need if they ask for them.
I would've thought RH would have a tool to automatically get updated rpms and their dependencies (does yum do this?).

Sounds to me as if you installed the tarball
for SSH, and that is the version you are
getting returned when you do ssh -V.
At the same time, you still have the .rpm
package installed for the older version, and
that is the one which is running, and giving
the security check issue. You can use rpm to
remove the .rpm packages for the old
version, then install the dependencies with
rpm, and finally the new version ssh
package(s). IIRC, fedora has an update tool
called up-to-date. You can run it, and save
some of the rpm he** :).
HTH,
Ernie [ewilcox@buckeye-express.com]
ICQ 41060744
Registered Linux User 247790

I agree, RedHat should and sorta does have the "RedHat Network Alert Notification Tool" and that starts the "up2date" program updater, but I think that they are getting either greedy, lazy or both as far as keeping up with security issues and updates. Unless there is another way to do this via app or command line (rpm appname.version & up2date appname.version) I'm at a loss as to what else I could try.
As far as deleting and/or removing the ssh packages, when I tried to do a "rpm -e openssh" to remove the old openssh app, I got a bunch of "NO, we can't do this, dependencies" crap! Is there another way to delete unwanted applications and their numerous related files thoroughly from the system so I can do a fresh, clean install of openssh? Or should I just start going through and deleting everything ssh-related? Is there a removal tool in linux that can do this?
I did a search for the "libselinux & libselinux.so.1" files. I found some on http://rpm.pbone.net/index.php3, but I wasn't sure if I could use them for my version of Linux (RedHat Enterprise Advance Server (AS)). Still looking for the rpms for this silly thing as well.
Yum works well on Fedora, haven't tried it on Redhat yet.
Thanks for your input Wolfbone.

Hi Ernie & thanks also for your input.
When I try to remove openssh packages\rpm, I get "failed dependencies": openssh-server needs this, openssh-client needs this, netdump needs this to run. Any way around this?

There cannot be all that many dependencies on openssh. If pkga needs pkgb when you are trying to uninstall pkgb then you do 'rpm -e pkga pkgb' to remove them both.
You should first make sure you have got all the new openssh rpms and any rpms they depend on and any rpms that depend on them, all from an official RH source repository. If you cannot do this you should change to an alternative distro.
You haven't said whether ernie was correct to suggest you had tried installing from a non-rpm source. What does 'rpm -qf $(which ssh)' say? If that is so you are likely to make a horrible mess of your system.

You can always pass the --nodeps and/or --force switches to rpm in order to ignore dependencies etc although it is not always a good idea....just make sure that you are able to then install the newer packages to satisfy any broken dependencies.

Hi guys,
Let me see if I can show you what's going on here:
[root@apples root]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
[root@apples root]#
[root@apples root]# rpm -qa | grep ssh
openssh-3.6.1p2-33.30.1
openssh-server-3.6.1p2-33.30.1
openssh-clients-3.6.1p2-33.30.1
[root@apples root]#
[root@apples root]#
[root@apples root]# up2date openssh-3.6.1p2-33.30.1
Fetching Obsoletes list for channel: rhel-i386-as-3...
Fetching rpm headers...
Name Version Rel
The following packages you requested were not found:
openssh-3.6.1p2-33.30.1
[root@apples root]#
[root@apples root]# up2date openssh
Fetching Obsoletes list for channel: rhel-i386-as-3...
Fetching rpm headers...
Name Version Rel
The following packages you requested are already updated:
openssh
[root@apples root]#
[root@apples root]#
[root@apples root]# rpm -e openssh-clients-3.6.1p2-33.30.1
error: Failed dependencies:
openssh-clients is needed by (installed) lam-6.5.9-1
openssh-clients is needed by (installed) kdebase-3.1.3-5.4
/usr/bin/ssh is needed by (installed) netdump-0.6.11-3
[root@apples root]#
[root@apples root]#
[root@apples root]# rpm -e openssh-server-3.6.1p2-33.30.1
error: Failed dependencies:
openssh-server is needed by (installed) lam-6.5.9-1
/usr/sbin/sshd is needed by (installed) netdump-server-0.6.11-3
[root@apples root]#
[root@apples root]#
[root@apples root]# rpm -e openssh-3.6.1p2-33.30.1
error: Failed dependencies:
openssh = 3.6.1p2-33.30.1 is needed by (installed) openssh-clients-3.6.1p2-33.30.1
openssh = 3.6.1p2-33.30.1 is needed by (installed) openssh-server-3.6.1p2-33.30.1
/usr/bin/ssh-keygen is needed by (installed) netdump-0.6.11-3
[root@apples root]#
[root@apples root]#
[root@apples root]#
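
The mismatch visible in the session above (a 3.9p1 `ssh` binary on the PATH, 3.6.1p2 packages in the rpm database, and a scan that still reports the old daemon) can be checked mechanically. The following is an added example, not part of the original thread; the function names are hypothetical and the banner line is a constructed sample in the standard `SSH-<proto>-<software>` identification format.

```shell
#!/bin/sh
# Added example: compare the OpenSSH version seen from three vantage points.
# On a live host the inputs would be: `ssh -V 2>&1`, `rpm -q openssh-server`,
# and the first line the listening daemon sends on connect (its banner).

# "OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003" -> "3.9p1"
client_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([^ ,]*\).*/\1/p'
}

# "openssh-server-3.6.1p2-33.30.1" -> "3.6.1p2" (name-version-release)
package_version() {
    printf '%s\n' "$1" | sed -n 's/^openssh[a-z-]*-\([0-9][^-]*\)-.*/\1/p'
}

# "SSH-1.99-OpenSSH_3.6.1p2" -> "3.6.1p2" (banner may end in CR or a comment)
banner_version() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^SSH-[0-9.]*-OpenSSH_\([^ ]*\).*/\1/p'
}

# reconcile <ssh -V line> <rpm -q line> <banner line>
# Returns 0 if all agree, 1 on a mismatch, 2 if an input could not be parsed.
reconcile() {
    c=$(client_version "$1"); p=$(package_version "$2"); b=$(banner_version "$3")
    if [ -z "$c" ] || [ -z "$p" ] || [ -z "$b" ]; then
        echo "could not parse one of the inputs"; return 2
    fi
    status=0
    if [ "$c" != "$p" ]; then
        echo "ssh on PATH is $c but the installed package is $p:" \
             "run rpm -qf on the binary to see whether any package owns it"
        status=1
    fi
    if [ "$b" != "$c" ]; then
        echo "the running sshd announces $b, not $c: this is what a remote scan sees"
        status=1
    fi
    return $status
}

# First two inputs are from the session above; the banner line is constructed.
reconcile 'OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003' \
          'openssh-server-3.6.1p2-33.30.1' \
          'SSH-1.99-OpenSSH_3.6.1p2' || true
```
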

I can't see why kdebase is dependent on openssh-clients?!?
If you want to remove all three packages try this (all on one line):
# rpm -ev openssh-3.6.1p2-33.30.1 openssh-server-3.6.1p2-33.30.1 openssh-clients-3.6.1p2-33.30.1 --nodeps
You can then try installing the newer version by using -ivh instead of -ev and --nodeps.
