OpenSSH Security Advisory: Trojaned Distribution Files
Eric Garff
egarff at omniture.com
Fri Aug 2 01:38:16 EST 2002
> 3. Solution:
>
> Verify that you did not build a trojaned version of the sources. The
> portable SSH tar balls contain PGP signatures that should be verified
> before installation. You can also use the following MD5 checksums for
> verification.
>
> MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
> MD5 (openssh-3.4p1.tar.gz.sig) = d5a956263287e7fd261528bb1962f24c
> MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2
> MD5 (openssh-3.2.2p1.tar.gz) = 9d3e1e31e8d6cdbfa3036cb183aa4a01
> MD5 (openssh-3.2.2p1.tar.gz.sig) = be4f9ed8da1735efd770dc8fa2bb808a
Are these the checksums of the clean or trojaned tarballs?
Thanks,
Eric Garff
More information about the openssh-unix-dev
mailing list