Hi,

Just hoping for a little guidance before I upgrade both ssl and ssh.

With a new (Potato-based, linux-2.2.16) firewall in place between my SDSL connection and my internal network, I now want to open a secure telnet connection (port 22) to and from the outside, and to close the regular telnet connection (port 23).

To accomplish that, I've downloaded openssh-2.1.1p4 from http://www.openssh.com/. Since that requires openssl-9.9.5a, I also added http://non-us.debian.org/debian-non-US woody/non-US main contrib non-free to my /etc/apt/sources.list so I can apt-get it.

Currently, I have openssh-1.2.3-8, openssl-0.9.4-5, apache-ssl, and apache-perl on the firewall -- all installed via apt-get.

I've run 3 apt-get simulations:

1.) apt-get --simulate install openssl -- which says it will upgrade openssl and add 1 required library, libssl095a.

2.) apt-get --simulate remove openssl -- which says it will remove apache-perl, apache-ssl and openssl, and install php3, apache-dev and apache-common.

3.) apt-get --simulate remove ssh -- which says it will just remove ssh.

The only fly in the ointment (that I can see) is that I accepted the default expiration on the temporary certificate I made for apache-ssl back in April, so it has expired.

---> Okay, here's my question(s):

Since there is no .deb file (AFAICT) for openssh-2.1.1p4, I'm going to have to apt-get remove (or dpkg --purge) ssh anyway and install the new version from source. Would there be any advantage to going to the extra trouble of removing/purging and re-installing openssl, apache-ssl and apache-perl? Besides, that is, getting the opportunity to create new certificates and keys now that I know a little more about how to do that? Of course, if the openssl upgrade gave me the same opportunity, that would clinch it for me.

And one bug-a-boo: I _know_ I have seen a version of the openssl toolkit saying it _includes_ the ssh functionalities, but for the life of me I can't re-locate that source. Was I dreaming?

Any guidance would be vastly appreciated -- especially if there are better, simpler ways to go about updating the security features on the firewall which, btw, is a 486DX, 64Mb RAM, 514Mb HDD machine running Potato on a 2.2.16 kernel (with vague notions of bumping up to 2.4.0-test5, which is humming along nicely on my P II box, because I _love_ them iptables).

Thanks in advance for any help, and for your patience with montefin