SSH - Preparing for the big one (was Re: SSH Exploit Revealed (fwd))

Logan Kennelly plug-discuss@lists.plug.phoenix.az.us
Wed, 26 Jun 2002 14:43:50 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 26 June 2002 11:38 am, Bob George wrote:
> Anyhow, I'm running Debian and just did an apt-get dist-upgrade to
> OpenSSH 3.3p1-0.0potato6. I run sshd only on a non-default port *not*
> covered by nmap by default. I think I'm in pretty good shape, but wanted
> to check with others and see if there are any other recommendations
> (short of shutting it off).

You have probably already done this, but OpenSSH 3.3p1 is still vulnerable.
The key is that it now supports privilege separation, which should trap them
in a little box where they can't do anything.  To enable this, add the
following line to your sshd config file.

UsePrivilegeSeparation yes

- -- 
						Logan Kennelly
      ,,,
     (. .)
- --ooO-(_)-Ooo--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9GjWgpNoctRtUIRQRAoW0AJwOAFyHaqINkNYLePFNl94UESotJQCcCxKh
R3jItIem0CD/HrpNELqBU+4=
=+a36
-----END PGP SIGNATURE-----
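
A check for the setting described in the message above, as an added example that is not part of the original post: it reports which UsePrivilegeSeparation value sshd would take from a config file, relying on sshd's rule that the first value read for a keyword wins and that keyword names are case-insensitive. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). A commented-out line or a
# second, later line does not change what sshd uses, so only the first
# active occurrence of the keyword is reported.

privsep_setting() {
    # $1: path to an sshd config file
    # prints the first active value as written, or "unset" if there is none
    awk '
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
            if (tolower(f[1]) == "useprivilegeseparation") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_privsep() {
    # returns 0 if explicitly enabled, 1 if unset, 2 for any other value
    v=$(privsep_setting "$1")
    case "$v" in
        yes)   echo "OK: UsePrivilegeSeparation yes"; return 0 ;;
        unset) echo "WARN: not set, the compiled-in default applies"; return 1 ;;
        *)     echo "REVIEW: UsePrivilegeSeparation is '$v', not 'yes'"; return 2 ;;
    esac
}

# Constructed sample config: the commented line and the trailing "no" are
# both ignored, because the first active occurrence says "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# UsePrivilegeSeparation no
Port 2222
useprivilegeseparation yes
UsePrivilegeSeparation no
EOF
check_privsep "$sample"
rm -f "$sample"
```

OpenSSH 7.5 and later deprecate this option because privilege separation is always on, so the check matters only on older releases such as the 3.3p1 discussed here.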