[TriLUG] Re: OpenSSH Security Advisory (adv.iss)
Brian Daniels
trilug@trilug.org
Wed, 26 Jun 2002 14:55:33 -0400
On Wed, Jun 26, 2002 at 12:56:01PM -0400, James Manning wrote:
> 3. Short-Term Solution:
>
> Disable ChallengeResponseAuthentication in sshd_config.
>
Note that the 'short-term solution' is an _easy_ fix. Just edit
sshd_config and restart sshd. Do it now, then watch for your vendor to
issue an update if you're uncomfortable with compiling OpenSSH yourself.
(As an aside, anyone know what's up with Alan Cox suggesting that Theo
might be trojaning OpenSSH? That's a heck of an accusation...)
--Brian
--
Anything you can imagine (and many things you can't),
someone on the net is doing.
Brian Daniels bitmage@bellsouth.net
http://www.eviloverlord.net