[linux-elitists] SECURITY: Theo says test the new OpenSSH release or else!

Don Marti dmarti@zgp.org
Mon Jun 24 16:20:48 PDT 2002


http://www.mindrot.org/pipermail/openssh-unix-announce/2002-June/000041.html

> OpenSSH 3.3p was released a few days ago, with various improvements
> but in particular, it significantly improves the Linux and Solaris
> support for priv sep.  However, it is not yet perfect.  Compression is
> disabled on some systems, and the many varieties of PAM are causing
> major headaches.
> 
> However, everyone should update to OpenSSH 3.3 immediately, and enable
> priv seperation in their ssh daemons, by setting this in your
> /etc/ssh/sshd_config file:
> 
>       UsePrivilegeSeparation yes
> 
> Depending on what your system is, privsep may break some ssh
> functionality.  However, with privsep turned on, you are immune from
> at least one remote hole.  Understand?
> 
> 3.3 does not contain a fix for this upcoming bug.

I have temporarily shut off ssh access to this server; if you really
need to get in, FedEx me a modem.

-- 
Don Marti                                          
http://zgp.org/~dmarti                       Help spread accurate information 
dmarti@zgp.org                      about Xenu and the Church of Scientology.
KG6INA           <a href="http://xenu.net/">Scientology</a> on your web site.



More information about the linux-elitists mailing list