From owner-freebsd-security@FreeBSD.ORG  Thu Sep 23 07:26:41 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4A92216A4F7
	for <freebsd-security@freebsd.org>;
	Thu, 23 Sep 2004 07:26:41 +0000 (GMT)
Received: from cleaton.net (cleaton.net [82.138.248.193])
	by mx1.FreeBSD.org (Postfix) with SMTP id 68C8C43D41
	for <freebsd-security@freebsd.org>;
	Thu, 23 Sep 2004 07:26:40 +0000 (GMT)
	(envelope-from nick@cleaton.net)
Received: (qmail 83051 invoked by uid 0); 23 Sep 2004 07:26:38 -0000
Received: from cleaton.net (HELO lt4.cleaton.net) (82.138.248.193)
  by cleaton.net with SMTP; 23 Sep 2004 07:26:38 -0000
Received: from nick by lt4.cleaton.net with local (Exim 4.30)
	id 1CAO2S-0000SV-Jg; Thu, 23 Sep 2004 09:29:12 +0200
Date: Thu, 23 Sep 2004 09:29:12 +0200
From: Nick Cleaton <nick@cleaton.net>
To: Chris Ryan <chrisryanemail@yahoo.com.au>
Message-ID: <20040923072912.GK5340@lt1.cleaton.net>
References: <20040923045229.GJ5340@lt1.cleaton.net>
	<20040923070809.14655.qmail@web51010.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040923070809.14655.qmail@web51010.mail.yahoo.com>
User-Agent: Mutt/1.3.28i
cc: freebsd-security@freebsd.org
Subject: Re: Attacks on ssh port
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Sep 2004 07:26:41 -0000

On Thu, Sep 23, 2004 at 05:08:09PM +1000, Chris Ryan wrote:
> 
[SNIP]
> > I've patched my sshd so
[SNIP]
> 
> so does that mean you have to rebuild ssh everytime
> there is a security update for sshd?

Yup.

An alternative that avoids that would be to run something out of inetd
that reads the token and then execs sshd.


Nick


-- 
$_='YN8KuE***  http://www.exonetric.com/  Telehouse UK colo  ***HARQr**'
.'NfzV0YrC1***     GBP40/month +VAT 40G BW no setup fee     ***MnjJ**'
.'6QvtcPgQ20***                                            ***nlS**'
;s/(.)(.*(.))/$2.chr(32+(ord($1)+ord$3)%89)/euntil/Foo/;eval#****'