
Upgrade openssl .deb? or purge old ver and install new?



Hi,

Just hoping for a little guidance before I upgrade both ssl and ssh.

With a new (Potato-based, linux-2.2.16) firewall in place between my
SDSL connection and my internal network, I now want to open a secure
telnet connection (port 22) to and from the outside, and to close the
regular telnet connection (port 23).

To accomplish that, I've downloaded openssh-2.1.1p4 from
http://www.openssh.com/. Since that requires openssl-9.9.5a, I also
added http://non-us.debian.org/debian-non-US woody/non-US main contrib
non-free to my /etc/apt/sources.list so I can apt-get it.

Currently, I have openssh-1.2.3-8, openssl-0.9.4-5, apache-ssl, and
apache-perl on the firewall -- all installed via apt-get.

I've run 3 apt-get simulations:

1.) apt-get --simulate install openssl -- which says it will upgrade
openssl and add 1 required library, libssl095a.

2.) apt-get --simulate remove openssl -- which says it will remove
apache-perl, apache-ssl and openssl, and install php3, apache-dev and
apache-common.

3.) apt-get --simulate remove ssh -- which says it will just remove ssh.

The only fly in the ointment (that I can see) is that I accepted the
default expiration on the temporary certificate I made for apache-ssl
back in April, so it has expired.

---> Okay, here's my question(s): Since there is no .deb file (AFAICT)
for openssh-2.1.1p4, I'm going to have to apt-get remove (or dpkg
--purge) ssh anyway and install the new version from source. Would there
be any advantage to going to the extra trouble of removing/purging and
re-installing openssl, apache-ssl and apache-perl? Besides, that is,
getting the opportunity to create new certificates and keys now that I
know a little more about how to do that? Of course, if the openssl
upgrade gave me the same opportunity, that would clinch it for me.

And one bug-a-boo, I _know_ I have seen a version of the openssl toolkit
saying it _includes_ the ssh functionalities, but for the life of me I
can't re-locate that source. Was I dreaming?

Any guidance would be vastly appreciated -- especially if there are
better, simpler ways to go about updating the security features on the
firewall which, btw, is a 486DX, 64Mb RAM, 514Mb HDD machine running
Potato on a 2.2.16 kernel (with vague notions of bumping up to
2.4.0-test5, which is humming along nicely on my P II box, because I
_love_ them iptables).

Thanks in advance for any help, and for your patience with

montefin


