On Wednesday 26 June 2002 11:38 am, Bob George wrote:
> Anyhow, I'm running Debian and just did an apt-get dist-upgrade to
> OpenSSH 3.3p1-0.0potato6. I run sshd only on a non-default port *not*
> covered by nmap by default. I think I'm in pretty good shape, but wanted
> to check with others and see if there are any other recommendations
> (short of shutting it off).
You have probably already done this, but OpenSSH 3.3p1 is still vulnerable.
The key is that it now supports privilege separation which should trap them
in a little box where they can't do anything. To enable this, add the
following line to your sshd config file.
UsePrivilegeSeparation yes
- --
Logan Kennelly
,,,
(. .)
- --ooO-(_)-Ooo--
(text/plain)