Subject: Re: OpenSSH installation from package source
To: Ing.,BcA. Ivan Dolezal <>
From: Rick Byers <>
List: tech-security
Date: 07/01/2002 09:28:05
I believe its not intended for NetBSD 1.5+ users to install the openssh
package since openssh is part of the base OS.  Instead of installing the
package, you could update your sources to the latest NetBSD-1.5-release.
I don't think the package should be installing anywhere other than

However, I agree that the package install process probably should
generate a warning saying something like "your OS already includes openssh
which will be used by default unless your change your configuration".

Installing a package for a component thats part of your base OS will
allways be a headache.  Even if the package did automatically remove the
OS component, the next time you do a "build", it would get reinstalled.


On Mon, 1 Jul 2002, Ing.,BcA. Ivan Dolezal wrote:

> Hello,
>     I don't know whether you take this for a bug or a feature, but...
> I was running OpenSSH since 1.5.2 installation. This was running from
> /usr/sbin/sshd , which is OpenSSH_2.5.1
> After reinstalling the package I found out that the new version
> installed itself into /usr/pkg/sbin/sshd, not replacing the one in
> /usr/sbin/sshd. It didn't change the /etc/rc.d/sshd. It didn't adopt the
> old configuration file and keys. In other words: it was just a dead
> installation.
> Unfortunately, it didn't even bother to give any warning that simple
> restarting with the /etc/rc.d/sshd definitely is not a sufficient action
> and that very explicit manual changes are required in order to switch to
> the new version.
> IMHO: what if `make install' of this package just renamed the old files
> to some sshd.original, sshd_config.original etc. and softlinked into
> /usr/pkg/sbin, /usr/pkg/etc ... ?