[Momonga-devel.en:00025] Re: openssh vulnerability

From: zunda <zunda616e@xxxxxxxxxxx>
Date: Wed, 24 Sep 2003 16:38:22 +0900 (JST)

Hi all,
(B
(Bkazuhiko updated the OpenSSH package to 3.7.1p2 with the following
(Bchange on sshd_config to make it easier to disable PasswordAuthentication..
(BIt also disallows RootLogin.
(B
(Bn.b. Since 3.7.1p1, UsePAM has been defaulted to No, when sshd_config
(Bdoes not specify.
(Bhttp://www.st.ryukoku.ac.jp/~kjm/security/ml-archive/bugtraq/2003.09/msg00353.html
(B
(BCheers,
(Bzunda
(B
(B> --- openssh-3.7.1p2/sshd_config.orig    2003-09-02 21:51:18.000000000 +0900
(B> +++ openssh-3.7.1p2/sshd_config 2003-09-24 09:15:52.000000000 +0900
(B> @@ -34,6 +34,7 @@
(B> > #LoginGraceTime 2m
(B> #PermitRootLogin yes
(B> +PermitRootLogin no
(B> #StrictModes yes
(B> > #RSAAuthentication yes
(B> @@ -70,6 +71,7 @@
(B> # and session processing. Depending on your PAM configuration, this may
(B> # bypass the setting of 'PasswordAuthentication'
(B> #UsePAM yes
(B> +UsePAM no
(B> > #AllowTcpForwarding yes
(B> #GatewayPorts no
(B
(B
(B__________________________________________________
(BDo You Yahoo!?
(BYahoo! BB is Broadband by Yahoo!
(Bhttp://bb.yahoo.co.jp/

Prev by Date: [Momonga-devel.en:00024] openssh vulnerability
Next by Date: [Momonga-devel.en:00026] (security fix) openssl-0.9.7c-1m
Previous by thread: [Momonga-devel.en:00024] openssh vulnerability
Next by thread: [Momonga-devel.en:00026] (security fix) openssl-0.9.7c-1m
Index(es):
- Date
- Thread