You are here: Foswiki>Computing Web>MacOSX (revision 12)EditAttach


OSX 10.4.7 August Security Update

This update includes a new version of SSH (OpenSSH 4.2) which uses a new mechanism for doing Kerberos authentication. The new version fixes a weakness in the old version. Unfortunately, the two mechanisms don't inter-operate and there is no backwards compatibilty provided. This means that the update breaks using Kerberos/SSH to most all FNAL machines and MSUHEP machines. Note that telnet will still work to FNAL (not allowed to MSUHEP machines).

Before applying this update, make a copy of the ssh program /usr/bin/ssh so that you'll have the old version for connecting to old servers. (If you've already done the update, contact me and we can fix things.)


The ssh binary before update:

mac:~ little$ ls -l /usr/bin/ssh
-rwxr-xr-x   1 root  wheel  231248 May 27  2005 /usr/bin/ssh

mac:~ little$ ssh -v
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005

Want to copy this binary to another location, perform the update, copy the new binary to another location and then create a softlink to the old binary named /usr/bin/ssh.

mac:~ little$ sudo cp /usr/bin/ssh /usr/bin/ssh-3.8.1p1
mac:~ little$ ls -l /usr/bin/ssh*
-rwxr-xr-x   1 root  wheel  231248 May 27  2005 /usr/bin/ssh
-rwxr-xr-x   1 root  wheel  231248 Aug 15 02:16 /usr/bin/ssh-3.8.1p1
-rwxr-xr-x   1 root  wheel   75968 May 27  2005 /usr/bin/ssh-add
-rwxr-xr-x   1 root  wheel   63016 May 27  2005 /usr/bin/ssh-agent
-rwxr-xr-x   1 root  wheel   84948 May 27  2005 /usr/bin/ssh-keygen
-rwxr-xr-x   1 root  wheel  129660 May 27  2005 /usr/bin/ssh-keyscan

Now do software update.

Then do:

mac:~ little$ sudo cp /usr/bin/ssh /usr/bin/ssh-4.2

mac:~ little$ sudo rm /usr/bin/ssh
mac:~ little$ sudo ln -s /usr/bin/ssh-3.8.1p1 /usr/bin/ssh

mac:~ little$ ssh -v
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005

Local Pages

  • MacOSXKerb Kerberos on OSX works very nicely
  • MacOSXManualBackup use simple UNIX tools (rsync and ssh) to manually backup your home area to a remote machine
  • MacOSXUtils native OSX utilities
  • MacOSClone Clone (Ghost) an OS X system from one drive to another
  • MacOSXDebugging the OSX equivalents of ldd and strace are otool and ktrace

-- TomRockwell - 25 May 2006
Edit | Attach | Print version | History: r21 | r13 < r12 < r11 < r10 | Backlinks | View wiki text | Edit WikiText | More topic actions...
Topic revision: r12 - 17 Oct 2006, TomRockwell

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback