Date: Thu, 27 Jun 2002 17:04:26 -0500 (CDT) From: Steven Lake <raiden@shell.core.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: Steven Lake <raiden@shell.core.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: sshd_config question Message-ID: <Pine.GSO.4.44L0.0206271651470.6057-100000@shell.core.com> In-Reply-To: <20020627211440.GB5504@happy-idiot-talk.infracaninophi>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok, I'm actually using 3.4p1, but I hadn't wiped my old config file because I wanted to keep some of those customizations for security reasons. :) But I did add those extra two lines in there from you so as to make this more secure. On Thu, 27 Jun 2002, Matthew Seaman wrote: > On Thu, Jun 27, 2002 at 03:53:38PM -0500, Steven Lake wrote: > > > HI all. Quick question. After doing some reading I noticed > > something about the openssh vulnerability and I had a question. Here's my > > sshd_config file, does it have everything set correctly to be clear of the > > vulnerability? Just curious. Thanks. > > Looks like you're using OpenSSH-2.9 as supplied with 4-STABLE. > According to CERT (http://www.cert.org/advisories/CA-2002-18.html), > all that is necessary for that version is: > > ChallengeResponseAuthentication no > > You're fine. > > Later versions (2.9.9 - 3.4p1) should also have: > > PAMAuthenticationViaKbdInt no > UsePrivilegeSeparation yes > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks > Savill Way > Tel: +44 1628 476614 Marlow > Fax: +44 0870 0522645 Bucks., SL7 1TH UK > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44L0.0206271651470.6057-100000>