You are here: Foswiki>Computing Web>MacOSX (revision 9)EditAttach

MAC OSX

OSX 10.4.7 August Security Update

This update includes a new version of SSH (OpenSSH 4.2) which uses a new mechanism for doing Kerberos authentication. The new version fixes a weakness in the old version. Unfortunately, the two mechanisms don't inter-operate and there is no backwards compatibilty provided. This means that the update breaks using Kerberos/SSH to most all FNAL machines and MSUHEP machines. Note that telnet will still work to FNAL (not allowed to MSUHEP machines).

Before applying this update, make a copy of the ssh program /usr/bin/ssh so that you'll have the old version for connecting to old servers.

See http://listserv.fnal.gov/scripts/wa.exe?A1=ind0608&L=macusers

The ssh binary before update:

mac:~ little$ ls -l /usr/bin/ssh
-rwxr-xr-x   1 root  wheel  231248 May 27  2005 /usr/bin/ssh

mac:~ little$ ssh -v
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005

Want to copy this binary to another location, perform the update, copy the new binary to another location and then create a softlink to the old binary named /usr/bin/ssh.

mac:~ little$ sudo cp /usr/bin/ssh /usr/bin/ssh-3.8.1p1
Password:
mac:~ little$ ls -l /usr/bin/ssh*
-rwxr-xr-x   1 root  wheel  231248 May 27  2005 /usr/bin/ssh
-rwxr-xr-x   1 root  wheel  231248 Aug 15 02:16 /usr/bin/ssh-3.8.1p1
-rwxr-xr-x   1 root  wheel   75968 May 27  2005 /usr/bin/ssh-add
-rwxr-xr-x   1 root  wheel   63016 May 27  2005 /usr/bin/ssh-agent
-rwxr-xr-x   1 root  wheel   84948 May 27  2005 /usr/bin/ssh-keygen
-rwxr-xr-x   1 root  wheel  129660 May 27  2005 /usr/bin/ssh-keyscan

Now do software update.

Then do:

mac:~ little$ sudo cp /usr/bin/ssh /usr/bin/ssh-4.2

mac:~ little$ sudo rm /usr/bin/ssh
mac:~ little$ sudo ln -s /usr/bin/ssh-3.8.1p1 /usr/bin/ssh

mac:~ little$ ssh -v
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005

Local Pages

-- TomRockwell - 25 May 2006
Edit | Attach | Print version | History: r21 | r10 < r9 < r8 < r7 | Backlinks | View wiki text | Edit WikiText | More topic actions...
Topic revision: r9 - 15 Aug 2006, TomRockwell
 

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback