Run sshd -V
or ssh -V
and they'll return the version and usage information.
Note: These are capital "V" now, when I originally wrote this answer they were lower case.
There's a dozen ways to upgrade.
pkg-add -r openssh-portable
cd /usr/ports/security/openssh && make install clean
portupgrade security/openssh-portable
- part of the makeworld/buildworld process
- freebsd-upgrade
- and the list goes on...
I'm not aware of any issues with the 5.2p1 version that shipped with 8.1-RELEASE. I have seen hoax e-mails flying around for over a year now announcing the imminent release of a zero day hack (note that it's been a year and a half since release, so 'zero' day was a heck of a long time ago).
I have never been fully satisfied with the ports system in a large environment -- It always seems like you need to apply some external management to it in order to make it work well.
My best tips (in order of ascending preference, "worst" solution to "best" solution):
If you're building on each host, don't.
If you must, don't do it over NFS with read-write mounts like you describe: You can usually trust the ports to Do The Right Thing and not stomp on the ports tree if you provide alternate work directories, but it's always better to be safe than sorry: Run a local CVS/csup mirror and csup all your hosts from that box, then build locally as you would if they were individual machines.
Yes, I know this means having more disk space on the hosts and an extra step. It's also almost guaranteed to be problem-free.
Caveat: You probably want to sync the package configuration files (rsync or similar) from a designated "configuration host" to ensure consistency on each machine (you can even rsync the whole ports tree if you want, rather than using csup on each node).
Use a Build Host, create packages, and install those.
A much better solution than building on each individual machine: Use a build host to create packages, and point your tools at those packages.
This means keeping a build host around for every architecture you run (or cross-compiling), but it's ultimately nicer for your target machines (no large compile jobs, a guarantee of consistency)
Use a configuration/system management tool.
This is the solution I wound up with -- I build a standard server image and deploy it around my environment using radmind
. You can do similar things with Puppet or Chef. This has all the advantages of using a build host (consistency, less load on the individual servers), and adds the benefit of configuration management.
Caveat: This only works really well if your machines are "identical" -- That is you can install the same set of ports on all of them. It can work if you have varying sets of ports, but that substantially increases the administrative overhead.
Disclaimer: I'm the port maintainer for sysutils/radmind
. Yeah, I like it that much that I adopted it.
All of this is based on my experience managing various-sized FreeBSD environments (ranging from 1-2 machines to over 100). Configuration/System Management tools that push and maintain a standardized image are really the best way to handle this in my experience.
Best Answer
On FreeBSD-10.2 there's a new option to allow this:
freebsd-update fetch --not-running-from-cron
From the manpage: