# OpenSSH trojaned; is ebuild affected?

## slinkan

Just read over at LWN that the latest SSH is Trojaned on openbsd's ftp, does anyone know if the latest ebuild is affected by this trojan? 

Or for that matter ANY ebuild of openSSH?

thanks!

regards 

slinkan

----------

## Chris W

That modification does not appear in the openssh-3.4p1.tar.gz in my distfiles copy (from the Gentoo IBiblio site).

----------

## slinkan

 *Chris W wrote:*   

> That modification does not appear in the openssh-3.4p1.tar.gz in my distfiles copy (from the Gentoo IBiblio site).

 

Good, I wasn't sure how to check, looked around in the portage dir, but couldn't find the gzip file... 

Thank you very much!

regards

slinkan

[edit]  AAAAWW!! dammit, just saw that this already had been discussed! Sorry for beeing a n00b and not using search! [/edit]

----------

## Soupy

If you, theoretically, managed to end up with the trojaned openssh sources when you tried to run that ebuild, it should have failed the md5 sum check and not built.

----------

## Zu`

 *Soupy wrote:*   

> If you, theoretically, managed to end up with the trojaned openssh sources when you tried to run that ebuild, it should have failed the md5 sum check and not built.

 

Correct -- MD5 can really save you a lot of trouble, in cases like this.

----------

## pjp

Just in case anyone else finds this... there are several threads on this topic already:

Posted: Wed Jun 26th, 2002 14:07    Post subject: OpenSSH 3.4

Posted: Wed Jun 26th, 2002 20:35    Post subject: [gentoo-announce] GLSA: OpenSSH (The official Gentoo Security announcement)

Posted: Thu Aug 01st, 2002 07:44    Post subject: Trojan in OpenSSH 3.4p1(locked in favor of this next one)

Posted: Thu Aug 01st, 2002 06:19    Post subject: FYI: OpenSSH Trojan.

This thread was "Posted: Fri Aug 02nd, 2002 02:24".

I'm mainly trying to demonstrate why using search is important.

----------

