LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

January 2023

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS January 2023

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SL6 ssh fail
From:	Nico Kadel-Garcia <[log in to unmask]>
Reply To:	Nico Kadel-Garcia <[log in to unmask]>
Date:	Mon, 9 Jan 2023 20:04:19 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (48 lines)

On Mon, Jan 9, 2023 at 4:15 PM Konstantin Olchanski <[log in to unmask]> wrote:
>
> On Sun, Jan 08, 2023 at 08:48:33AM -0500, Nico Kadel-Garcia wrote:
> >
> > There is a third party SRPM at:
> >            https://urldefense.proofpoint.com/v2/url?u=http-3A__rnd.rajven.net_centos_6_os_SRPMS_openssh-2D6.4p1-2D1cnt6.1.src.rpm&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=APF_X_sbP87-U3byu32i-cPT0N0xHPBEhLmLSTRjCbrt6c02NpZBAfu3Z0LoBDLm&s=RoFP8HoZRy6liEx_Q1o6LAJzDhmsdUjdbqtBPSwXUrI&e=
> >
>
> For the record, urldefence successfully obscures the fact that it points
> to rnd.rajven.net which happens to be registered in Moscow, Russia, per
> xttps://www.whois.com/whois/rajven.net

Yeah. That's what SRPMs are for, you can validate the source tarballs
and review any patches and the .spec file. I've stashed an extracted
copy, with some build setups, ove rat:

      https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nkadel_openssh-2Del6-2Dsprm&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=eVSUypNdoUa2w3353fopIRG8PaxNCEPpwIVwfTocUtsNDu918dKEP8YgY09rLJ8V&s=99VtsxOpeTvgPnZrGKRKy7rDcl3d3tRYlrZ8smUdBjg&e= 

> A year ago, I would have said, yay, thanks!
>
> But after certain recent events, I say thank you, but no, thanks.
>
> P.S.
>
> It looks like my remaining option is to build openssh from OpenBSD "portable" sources.

See above. That will help build clean RPMs for your local SL6
environment. And yes, I've been doing this sort of thing since...
2000. If you like, I'd be happy to walk you through how to do those,
but that might not be appropriate for the whole mailing list.

Nico Kadel-Garcia


> P.P.S. to answer some comments:
>
> - obsolete - only because you say so. like a mechanical bike, it does today what it did yesterday, users are happy.
> - "so old" - like a grand-father's axe, most our SL6 machines hardware was upgraded 2-3 times by now, they run from SSDs on DDR3/DDR4 RAM machines.
> - exception is VME processors - true Pentium-3 and Pentium-4 machines, fit for a museum. purported replacement ("core-2 duo" CPU) was a lemon (high mortality, all dead now). next purported replacement was okey, but went out of production too soon. "just replace it" people, should look at current prices for VME processors and VME hardware, then ask about delivery times, then come back with suggestions (and $$$).
> - insecure - exactly where? ssh insecure? nfs insecure? https insecure (A+ score from SSLlabs)?
> - "hide behind firewall!" - done, 1-2 layers of firewalls. external ssh and https access is required by function.
> - VMs, containers - shuffle chairs in the titanic, does not address any of the issues above.
> --
> Konstantin Olchanski
> Data Acquisition Systems: The Bytes Must Flow!
> Email: olchansk-at-triumf-dot-ca
> Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV