Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[REDHAT] Re: OpenSSH bug workaround *NOT NEEDED* (fwd)

Bill Carlson wrote:
| The "bug" does not appear to affect Redhat supplied OpenSSH, neither S/KEY
| not BSD Auth is configured.
| Gordon is correct as far as I can tell, THERE IS NO VUNLERABILITY for
| Redhat supplied OpenSSH for this particular issue. There is NO NEED to
| upgrade yet. I've heard of at least one possible hole in the 3.3 version
| (sorry, lost the link) so don't upgrade blindly.

Another reason you might want to wait:  I tried installing 3.3 on  my
home  machine.   I  can now ssh out, but incoming connections all get
"Permission denied" after I type the password, and  /var/log/messages
gets a "Failed password for jc from port 46127 ssh2" type
message.  This fails the same way for all the outside machines that I
have accounts on.  So far, I haven't found any clues about how to get
it to work again.  I hope I don't have to enable telnet and ftp ...

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /