On Wed, 2002-06-26 at 09:05, M A Young wrote:
> In case people haven't seen it, according to
> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
> You can secure your system from the recent ssh security hole by turning
> off "challenge-response" authentication and restarting sshd.

Reviewing the announcement, I wonder if this affects Red Hat's OpenSSH
at all... The output of the configure process indicates positively that
the affected BSD Auth and S/KEY authentication mechanisms are not
available (see below), and connecting to a RHL machine with 'ssh -v'
does not indicate that any challenge-response authentication mechanisms
are available.

It seems to me that Red Hat is free to take their time about providing
an update to OpenSSH 3.4, making damn sure it works right. We've seen
several reports of upgrades that don't work quite right, and some of us
wouldn't be able to update to a broken version for any reason (firewalls
/good/...). Does anyone have a more informed opinion?

RHL OpenSSH build:

OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/libexec/openssh/ssh-askpass
Manual pages: /usr/share/man/manX
PID file: /var/run
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: yes
KerberosIV support: no
Smartcard support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i386-redhat-linux-gnu
Compiler: i386-redhat-linux-gcc
Compiler flags: -O2 -march=i386 -mcpu=i686 -Wall -Wpointer-arith
-Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lwrap -lpam -ldl -lutil -lz -lnsl -lcrypto
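
Added example, not part of the original message or of Red Hat's or OpenSSH's own tooling: a shell check that combines the two things discussed above, the challenge-response setting in sshd_config and the S/KEY and BSD Auth lines of the configure summary. The function names, result labels and sample files are constructed for illustration; `ChallengeResponseAuthentication` is the sshd_config keyword, and "yes" is assumed as its default when absent.

```shell
#!/bin/sh
# Effective ChallengeResponseAuthentication value in an sshd_config ($1).
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; "yes" is assumed as the default when the keyword is absent.
cr_setting() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "challengeresponseauthentication" {
             print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Value of a "<label> support: <value>" line in a configure summary.
# $1 = label such as "S/KEY", $2 = file holding the summary.
build_support() {
    awk -v want="$1 support:" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, want) == 1 {
            v = substr(line, length(want) + 1); gsub(/[ \t]/, "", v)
            print v; exit }' "$2"
}

# Combine both checks. $1 = sshd_config, $2 = configure summary.
# A label missing from the summary is treated as "not known to be off".
assess() {
    cr=$(cr_setting "$1")
    skey=$(build_support "S/KEY" "$2")
    bsd=$(build_support "BSD Auth" "$2")
    if [ "$cr" = "no" ]; then
        echo "disabled: challenge-response is off in the config"
    elif [ "$skey" = "no" ] && [ "$bsd" = "no" ]; then
        echo "review: challenge-response on, S/KEY and BSD Auth not built in"
    else
        echo "act: challenge-response on with S/KEY or BSD Auth built in"
    fi
}

# Constructed sample input (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '# sample' 'Port 22' 'challengeresponseauthentication NO' \
    'ChallengeResponseAuthentication yes' > "$tmp/sshd_config"
printf '%s\n' '  S/KEY support: no' '  BSD Auth support: no' > "$tmp/summary"
assess "$tmp/sshd_config" "$tmp/summary"
rm -rf "$tmp"
```

The "review" result corresponds to the build described in the message; it reports what the config and build summary say, not whether the host is affected.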