Subject: RE: Versions of SSH and Sendmail
Date: Fri, 26 Jan 2007 16:18:40 -0800
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E023923D8@onstor-exch02.onstor.net>
In-Reply-To: <20070126160239.68a8319b@ripper.onstor.net>
From: "Eric Barrett" <eric.barrett@onstor.com>
To: "Andy Sharp" <andy.sharp@onstor.com>,
	"Michael Tracy" <mtracy@css.glasshouse.com>
Cc: "dl-cstech" <dl-cstech@onstor.com>

If he wants to do this, we don't strictly support it, but we have no
other way of doing it than the procedure Andy gave, so we can tell him
the procedure.

I'd flesh it out a bit:

1. mount -uw /
2. Edit /etc/ssh/sshd_config and make the changes as described below.
3. mount -ur /
4. Kill sshd as described below.

Also, this will have to be repeated after every upgrade.



-----Original Message-----
From: Andrew Sharp [mailto:andy.sharp@onstor.com]
Sent: Friday, January 26, 2007 4:03 PM
To: Michael Tracy
Cc: dl-cstech
Subject: Re: Versions of SSH and Sendmail

I assume you/customer means on the server (sshd).  I don't know if
there are any implications for other parts of the product, but you can
change the configuration file

/etc/ssh/sshd_config

and change the line

#Protocol 2,1

to

Protocol 2

(Uncomment and remove the '1') and restart sshd

find the pid for /usr/local/agile/sshd and kill it, then

# /usr/local/agile/bin/sshd

This will prevent the server from supporting protocol 1

Does this customer not have his filer(s) inside a competent firewall?

I would get clearance from CS before telling this to a customer,
however.

Cheers,

a

On Fri, 26 Jan 2007 18:49:28 -0500 "Michael Tracy"
<mtracy@css.glasshouse.com> wrote:

> Actually I see that in case 3587 that in the 1.3.2 release that they
> turned off listening on port 25 for sendmail.  Customer is ok with
> this.
>
> But his followup question on SSH is about the SSH protocols:
> He wants version 1R1.5 disabled.   Only version 2.
>
> Anyone know the SSH protocols?
>
> Thanks!
> Michael
>
> ----- Original Message -----
> From: "Michael Tracy" <mtracy@css.glasshouse.com>
> To: "John Rogers" <john.rogers@onstor.com>; "dl-cstech"
> <dl-cstech@onstor.com>
> Sent: Friday, January 26, 2007 6:34 PM
> Subject: Re: Versions of SSH and Sendmail
>
>
> > Thanks John
> > yeah, I see that on my box, now
> >
> > There was an old case (3587) requesting
> > sendmail binaries earlier than version 8.13.5 contain
> > remotely-exploitable code that could send the program into a race
> > condition. Time Inc. requests a patch to bring our filers up to
> > sendmail version 8.13.6 or later. Preferably this patch would not
> > necessitate filer reboots
> >
> > For which defect 15468 was opened.
> > Anyone know if we have plans to increase our version past 8.10.1?
> >
> > Michael
> > ----- Original Message -----
> > From: "John Rogers" <john.rogers@onstor.com>
> > To: "Michael Tracy" <mtracy@css.glasshouse.com>; "dl-cstech"
> > <dl-cstech@onstor.com>
> > Sent: Friday, January 26, 2007 6:22 PM
> > Subject: RE: Versions of SSH and Sendmail
> >
> >
> >> From BSD prompt you can query those components. There may be a more
> >> graceful/support savvy way to do it, but there is the info.
> >>
> >> # sendmail -d0.4 -bv root
> >> Version 8.10.1
> >> Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7
> >> NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SCANF SMTP
> >> TCPWRAPPERS
> >>                USERDB XDEBUG
> >> canonical name: g2r9.sc1
> >> UUCP nodename: g2r9
> >>        a.k.a.: g2r9
> >>        a.k.a.: [10.2.9.2]
> >>        a.k.a.: [127.0.0.1]
> >>        a.k.a.: [192.167.2.1]
> >>
> >> ============ SYSTEM IDENTITY (after readcf) ============
> >>      (short domain name) $w = g2r9
> >>  (canonical domain name) $j = g2r9.sc1
> >>         (subdomain name) $m = sc1
> >>              (node name) $k = g2r9
> >> ========================================================
> >>
> >> root... deliverable: mailer local, user root
> >> # ssh -v
> >> OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
> >> usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c
> >> cipher_spec] [-D port] [-e escape_char] [-F configfile]
> >>           [-i identity_file] [-L [bind_address:]port:host:hostport]
> >>           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option]
> >> [-p port]
> >>           [-R [bind_address:]port:host:hostport] [-S ctl_path]
> >>           [user@]hostname [command]
> >>
> >> -----Original Message-----
> >> From: Michael Tracy [mailto:mtracy@css.glasshouse.com]
> >> Sent: Friday, January 26, 2007 3:11 PM
> >> To: dl-cstech
> >> Subject: Versions of SSH and Sendmail
> >>
> >> Hey all
> >> Here's a quick question
> >>
> >> what version of ssh does onstor everon use?
> >> also what version of sendmail do we use?
> >>
> >> More importantly, how/where would I find that?
> >>
> >> Michael
> >>
> >>
> >
> >
>
>
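
Because the sshd_config edit discussed in this thread has to be repeated after every upgrade, a check like the following can confirm afterwards that protocol 1 is still disabled. It is an added example, not part of the original e-mails or of the product's tooling; the function names, the constructed sample files and the assumed built-in default of 2,1 (the commented-out value quoted in the thread) are assumptions.

```shell
#!/bin/sh
# Added example: confirm after an upgrade that sshd no longer offers protocol 1.

# Print the effective Protocol value of an sshd_config file. sshd keeps the
# first uncommented occurrence of a keyword, and keywords are case-insensitive.
# Assumption: with no uncommented line, the built-in default is the "2,1"
# that the thread shows commented out.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "protocol" { print $2; found = 1; exit }
        END { if (!found) print "2,1" }
    ' "$1"
}

# Return 0 if a comma-separated Protocol value includes version 1.
value_allows_v1() {
    case ",$1," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Classify the identification line a running sshd sends on connect
# (RFC 4253, section 5.1): "SSH-2.0-" is protocol 2 only, while "SSH-1.99-"
# means the server also accepts protocol 1 clients.
banner_allows_v1() {
    case "$1" in
        SSH-2.0-*) return 1 ;;
        SSH-1.*)   return 0 ;;
        *)         return 2 ;;  # not an SSH identification line
    esac
}

check_config() {
    proto=$(effective_protocol "$1")
    if value_allows_v1 "$proto"; then
        echo "FAIL: $1 -> Protocol $proto (protocol 1 still enabled)"
        return 1
    fi
    echo "OK: $1 -> Protocol $proto"
}

# Constructed sample files: the stock line from the thread, then the edited one.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '#Protocol 2,1\n' > "$tmp/stock"
printf 'Protocol 2\n' > "$tmp/fixed"
check_config "$tmp/stock" || true
check_config "$tmp/fixed"
```

On the filer itself the call would be `check_config /etc/ssh/sshd_config`, run after the sshd restart that follows each upgrade.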
