[buug] Problems installing open-ssh

[Christopher Sullivan]

On Thu, 20 Jul 2000, Rick Moen wrote:

> begin  Zeke Krahlin quotation:
> 
> > So I downloaded openssl-0.9.5-1.i386.rpm, which link was provided in the
> > page where I downloaded openssh: 
> > 
> >      http://ftp.jyu.fi/RPM/contrib/libc6/i386/openssh-1.2.3-1.i386.html 
> 
> It's really bad idea to assume that you can just install any old RPM
> Intel binaries on any old RPM-based Intel distribution.  Not only does
> that make failures such as you experienced happen quite often, but you
> can also apparently seriously hose your system.

It's not even always a good idea to install an RPM from [insert your least
favorite rpm using distribution here] on a Debian system through alien.  

Even worse: it's usually considered poor security practice to run
precompiled binaries for any "secure" application.  Better to get the raw
source from a known good site, compare MD5 hashes and/or PGP/GPG
signatures, and roll it yourself.

> You know, this is the sort of thing that really pisses me off.  Those
> little weasels at the NSA have managed to browbeat even a _French_ Linux
> distribution into shipping without effective crypto.  One of these days,
> I may just walk up to the gates of Fort Meade and present them with a
> bill for all my wasted time.

Ah, come on, Rick.  You don't actually believe our good government in this
fine nation would do something like that, do you?

All the more reason to roll your own code anyway, IMHO.

> I'm telling you, and I know this is awfully blunt:  Stop wasting your
> time with Que books.  Learn how this stuff works, so you can do your
> clients justice.

Give Zeke a little bit of credit.  He's at least trying to learn.

This brings up an interesting point, something that sorely lacks.  In
SoCal, one of the user groups (a Novell user group, ironically
enough) operated an open lab where members (and non-members, for a small
donation) wre invited to come down and break things.  On Saturday, they
operated an 'open house', staffed with known local experts on certain
topics.  It was all well organized and scheduled: on the second Saturday
of every month, you knew that some fat guy named "feedle" who was very
good with cranky hardware would be there from 11am to around 3pm, and
would be willing to get your weird-ass sound card working if you brought
him a beer and/or some pizza.  Again, although the user group was Novell
targetted, we ended up spending a good percentage of our time working on
Linux.  I'm unaware if they are even still around (I moved out of Orange
County three years ago), but it worked well at the time.

This sounds like an excellent thing for the LinuxCabal et. al. to get
involved in.  Hell, I'd volunteer a few hours a month to babysit such an
operation.  This kinda fits in with my "installfests suck" thought
process: this provides a better environment for dealing with complex
installs and hardware wrangling than a small table at a Robert Austin
computer show.

But I'm digressing.  Rick, if you want to continue to discuss this, feel
free to break this out into another thread, or E-mail me.

> The FHS document's current version (2.1) can be found at 
> http://www.pathname.com/fhs/pub/ , but only in PDF format.  (What's up
> with that, Dan?  Have you gone pointy-haired and stupid on us?) 

PDF.  Yuck.

That being said, the (older) HTML version is just as valid, and in fact,
preferred (IMHO) because it's not quite so.. well, bureaucratic.

> By the way, if you need access to SSH clients for _any_ platform, I 
> maintain the most comprehensive list anywhere in the world that I
> (and the SSH mailing list) know of:
> 
> http://linuxmafia.com/pub/linux/security/ssh-clients

Plug-o-Matic!

On the OpenSSH topic, I can honestly say that the hardest part of rolling
your own OpenSSH is that OpenSSL dosen't always build right the first time
around on some platforms.  I've had a lot of trouble getting it built on
Solaris the first time around... until I discovered that having glib makes
life a lot easier. (grin)

-Fedl