[TriLUG] Re: OpenSSH Security Advisory (adv.iss)
Jeremy Katz
katzj at linuxpower.org
Wed Jun 26 15:10:02 EDT 2002
On Wed, 2002-06-26 at 14:55, Brian Daniels wrote:
> On Wed, Jun 26, 2002 at 12:56:01PM -0400, James Manning wrote:
> > 3. Short-Term Solution:
> >
> > Disable ChallengeResponseAuthentication in sshd_config.
> >
>
> Note that the 'short-term solution' is an _easy_ fix. Just edit
> sshd_config and restart sshd. Do it now, then watch for your vendor to
> issue an update if you're uncomfortable with compiling OpenSSH yourself.
Note that you also need to disable PAMAuthenticationViaKbdInt if you've
enabled it. The option defaults to off if not listed, so this is only a
concern if you have
PAMAuthenticationViaKbdInt yes
in your /etc/ssh/sshd_config
Cheers,
Jeremy
More information about the TriLUG
mailing list