-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 26 June 2002 11:38 am, Bob George wrote: > Anyhow, I'm running Debian and just did an apt-get dist-upgrade to > OpenSSH 3.3p1-0.0potato6. I run sshd only on a non-default port *not* > covered by nmap by default. I think I'm in pretty good shape, but wanted > to check with others and see if there are any other recommendations > (short of shutting it off). You have probably already done this, but OpenSSH 3.3p1 is still vulnerable. The key is that it now supports privilege separation which should trap them in a little box where they can't do anything. To enable this, add the following line to your sshd config file. UsePrivilegeSeparation yes - -- Logan Kennelly ,,, (. .) - --ooO-(_)-Ooo-- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9GjWgpNoctRtUIRQRAoW0AJwOAFyHaqINkNYLePFNl94UESotJQCcCxKh R3jItIem0CD/HrpNELqBU+4= =+a36 -----END PGP SIGNATURE-----