[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh2 and non-stable

Forwarded back into the list because it's important :)  It isn't really
laptop-ish anymore, but we laptop folks use ssh *a lot*!

I went back and looked at the descriptions - he's right, it does say OpenSSH,
but it does *not* says SSH2 support... 
...and the version isn't OpenSSH 2.3.0, it's 1.2 something so it's a really 
   old codebase.

The systems which I'm accessing appear to be offering both SSH1 and SSH2
support, so that's how I'm getting in.  I guess sometimes the pat answer 
isn't always the right one :/

Ok, so the 'ssh' package in potato appears to date from 1999 sometime.
Which begs the original question, what's in unstable, (a) is it newer enough
to handle both protocol, and (b) is it safe to use on potato?  

*Now* I'll try to answer the right question :D

   a) unstable's 'ssh' is OpenSSH, deb version 1:2.3.0p1-1.13
      testing's 'ssh' is OpenSSH, deb version 1:1.2.3-9.2
		not good enough to stick with testing :(

1. if you try to upgrade it directly it wants to upgrade your libc:
The following extra packages will be installed:
  libc6 libc6-dev libpam-modules libpam0g libssl096
The following packages will be REMOVED:
  gconv-modules locales
The following NEW packages will be installed:

  You can *do* this, but I recommend that if you're going to follow
  unstable, you upgrade the libc6 kit seperately, as it could generate
  hairy things on its own, and you want to settle those before settling
  down to get more "ordinary" packages again.

2. compiling it, hmm, it might be some work.
	On the assumption that it should also want its libraries:
	libssl doesn't insist on a libc update
	but pam does.

Since we have pam already, maybe we can get it to link against old pam.

So, I've got this little experimental chroot space, (a side effect of
the way I backed up during the second-last major revamp) and let's see
if I can't get unstable's ssh without a libc jump.
  1: make sure you have a bit of time free or a "real" CPU or just enjoy
     letting your disk chug in the background; my experimental area is 
     inside a pII and it took maybe 15 minutes.
  2: arrrrgh how do I keep it from trying to build gnome-askpass?
     alternatively (worse answer, imo - it should do like the pcmcia kit and
     not compile the toy it doesn't have parts for), how can I put *only* 
     gnome libraries in it that it will need for this.  And what do I file 
     as the bug, since autoconf did not spot this and let it try to build.
  You can (as far as I can tell; lynx-ssl stayed ok) safely
     apt-get install libssl096 libssl096-dev libwrap0 libwrap0-dev
     apt-get -b source ssh
	...but then it dies with error 1 when it can't compile gnome-askpass.

So, I still think it's possible, but they sure made it a pain in the butt,
since the package just isn't quite right yet.  Not a real surprise for unstable.


* Heather Stern * star@ many places...

----- Forwarded message from brew@theMode.com -----


I'm replying off list to something you pointed out to me.....

> The package named 'ssh' states boldly in its description that it is 
> OpenSSH and supports both SSH1 and SSH2.  And I have been using it without
> hindrance or care about which one the servers I'm touching were running.
> ssh -V should tell you what version you've got, but there are lots of
> commandline options.  What message do you get back when you try to connect
> to these SSH2 servers? 

No where can I find in the description of any (stable, testing, or
nonstable) of the ssh packages that it
supports SSH2.  I could be confused.

There is mention of SSH2 a few places in unstable, and there is a package
called ssh2 there. 

I'm running 

debian 2.2

SSH Version 1.2.27 protocol version 1.5.
Standard version.  Does not use RSAREF

I think that's actually ssh-nonfree, I couldn't get ssh to handle 
Protocol 2 and switched to ssh-nonfree.  I think after I send this I'll
switch back and see if I somehow missed a command line switch.


Reply to: