[TriLUG] OpenSSH Versions and disabling root ssh.

Joshua Gitlin josh at glowfilms.com
Sun Feb 8 11:35:53 EST 2004


Hello Everyone,

I recently got a dedicated RedHat 9 server set up. (I did decide to go 
with LiquidWeb for those of you who were following my earlier 
discussion, and I've been happy with them so far). The server has 
OpenSSH version OpenSSH_3.5p1 installed on it... Since there have been 
a few security holes in OpenSSH, I wanted to make sure that this 
version was secure... I was previously running OpenSSH_3.6.1p2 on a 
Mandrake system, but when I tried to update through yum I was told that 
openssh was up to date...

Also, I disabled root SSH in my sshd_config file, for security. However 
the behavior is different than what I'm used to. When I've disabled 
root SSH in the past, the effect has been that trying to log in as root 
just asks for a password three times, regardless of the password 
entered. However on this new system, if the correct password is entered 
the connection is just closed. I'd prefer to have it keep asking for a 
password; it makes it even less obvious if someone's trying to 
brute-force or guess the root PW... Anyone know why the behavior is 
different?

TIA.

-Josh

-----------
Due to the recent increase in spam and falsely sent email, I now PGP 
Sign all of my outgoing mail to prove my identity. This means that you 
will see an attachment called "PGP.sig" with this message. This 
attachment can be used to prove that I am who I say I am. If you are 
not familiar with PGP, you can safely ignore it. For more information, 
please visit http://www.pgp.com/ or http://www.gnupg.org/
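
A check related to the sshd_config change described in the message above, added here as an example and not part of the original post: it prints the global PermitRootLogin value sshd would read from a config file, given that keywords are case-insensitive and the first value found for a keyword is the one used. The helper name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the global
# PermitRootLogin value that sshd would take from a config file.
# sshd_config keywords are case-insensitive and, for each keyword,
# the first value found is the one used.
effective_permit_root_login() {   # hypothetical helper name
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # stop at conditional Match blocks
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept "Keyword=value" as well
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "permitrootlogin") {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }      # no explicit setting: version default applies
    ' "$1"
}

# Constructed sample config: a commented-out line, the real setting,
# and a later duplicate that sshd ignores because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
EOF

value=$(effective_permit_root_login "$sample")
echo "PermitRootLogin as read by sshd: $value"
[ "$value" = "no" ] || echo "WARNING: root login over SSH is not fully disabled"
rm -f "$sample"
```

On a live server, pass the path of the running daemon's config file (commonly /etc/ssh/sshd_config) instead of the sample.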


