[REDHAT] Re: OpenSSH bug workaround *NOT NEEDED* (fwd)
John Chambers
jc at trillian.mit.edu
Thu Jun 27 00:03:08 EDT 2002
Bill Carlson wrote:
|
| The "bug" does not appear to affect Redhat supplied OpenSSH, neither S/KEY
| not BSD Auth is configured.
|
| Gordon is correct as far as I can tell, THERE IS NO VUNLERABILITY for
| Redhat supplied OpenSSH for this particular issue. There is NO NEED to
| upgrade yet. I've heard of at least one possible hole in the 3.3 version
| (sorry, lost the link) so don't upgrade blindly.
Another reason you might want to wait: I tried installing 3.3 on my
home machine. I can now ssh out, but incoming connections all get
"Permission denied" after I type the password, and /var/log/messages
gets a "Failed password for jc from 64.28.81.46 port 46127 ssh2" type
message. This fails the same way for all the outside machines that I
have accounts on. So far, I haven't found any clues about how to get
it to work again. I hope I don't have to enable telnet and ftp ...
More information about the Discuss
mailing list