RE: [Leaf-devel] OpenSSH security

2002-07-05 Thread Nathan Angelacos
To sum up many posts and hopefully wrap up this thread... I've posted a new sshd.lrp at www.nothome.org:8000. The only change is a new /usr/sbin/add-sshd-user script, in response to Charles' comment that it would be nice to have a script to add the sshd user. The script isn't pretty, and it

Re: [Leaf-devel] OpenSSH security

2002-07-03 Thread Greg Morgan
Interesting observations in the logs. When the SSH zlib problem came up, I had lots of port 22 entries in the logs for a while. Until Monday I had not been nmaped port scanned in a long long time. It appears like the hackers like to use class C range scans on one port. I have two dachstein

Re: [Leaf-devel] OpenSSH security

2002-07-03 Thread Michael D. Schleif
Nathan Angelacos wrote: > > >I'm curious about /etc/group modification? > > > >I've upgraded two (2) potato's and two (2) woody's. Yes, there is a > >new user in passwd/shadow; but, I do not have any new group for > >sshd. > > > >Yes, I have seen the instructions for installing manually; but, I

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Greg Morgan
Nathan Angelacos wrote: > > On 1 Jul 2002 at 22:38, Greg Morgan wrote: > > Long answer: According to > > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102495293705094&w2 > > Privilege separation takes ~24500 lines of code and puts it in a chroot > jail, leaving only ~2500 lines of code

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Michael D. Schleif
Nathan Angelacos wrote: > > >I'm curious about /etc/group modification? > > > >I've upgraded two (2) potato's and two (2) woody's. Yes, there is a > >new user in passwd/shadow; but, I do not have any new group for > >sshd. > > > >Yes, I have seen the instructions for installing manually; but, I

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Nathan Angelacos
>I'm curious about /etc/group modification? > >I've upgraded two (2) potato's and two (2) woody's. Yes, there is a >new user in passwd/shadow; but, I do not have any new group for >sshd. > >Yes, I have seen the instructions for installing manually; but, I >cannot find a reason for the special

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Michael D. Schleif
Jacques Nilo wrote: > [ snip ] > > At this point, a default compile of OpenSSH will use privilege separation > > with the sshd user. For new LEAF installations/releases, do we want to > > deviate from the (new) OpenSSH standard, or accommodate it and move on? > > > I have a clear position on th

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Jacques Nilo
On Tuesday 2 July 2002 18:20, Nathan Angelacos wrote: > On 1 Jul 2002 at 22:38, Greg Morgan wrote: > >I believe you need to correct your web site. It says that you changed > >the location of ssh_config in the packages. I believe there are two > >configuration files with one character differen

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Charles Steinkuehler
> At this point, a default compile of OpenSSH will use privilege separation > with the sshd user. For new LEAF installations/releases, do we want to > deviate from the (new) OpenSSH standard, or accommodate it and move on? > > Either answer is fine with me, as long as there is some sort of informe

Re: [Leaf-devel] OpenSSH security

2002-07-02 Thread Nathan Angelacos
On 1 Jul 2002 at 22:38, Greg Morgan wrote: >I believe you need to correct your web site. It says that you changed >the location of ssh_config in the packages. I believe there are two >configuration files with one character different, a d. >ssh.lrp contains /etc/ssh/ssh_config. >sshd.lrp co

Re: [Leaf-devel] OpenSSH security

2002-07-01 Thread Greg Morgan
"Nathan Angelacos" <[EMAIL PROTECTED]> wrote: > I've compiled new openSSH 3.4p1 lrps based on J. Nilo's packages. > Since they are larger than the patch manager limit, > they are available for download at http://www.nothome.org:8000/ I believe you need to correct your web site. It says that you

RE: [Leaf-devel] OpenSSH security

2002-06-27 Thread Nathan Angelacos
I've compiled new openSSH 3.4p1 lrps based on J. Nilo's packages. Since they are larger than the patch manager limit, they are available for download at http://www.nothome.org:8000/ I'll leave the page up until next Friday (5 Jul 2002.) The md5 sums for the packages are: 92395eae

Re: [Leaf-devel] OpenSSH security

2002-06-26 Thread Mike Noyes
On Wed, 2002-06-26 at 17:59, Nathan Angelacos wrote: > > >On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: > >The vulnerability details are now public. > > Thanks for the heads-up, Mike. Unfortunately I only subscribe to the > digest, so I got your notice after my post. > > Needless to

Re: [Leaf-devel] OpenSSH security

2002-06-26 Thread Nathan Angelacos
>On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: >The vulnerability details are now public. Thanks for the heads-up, Mike. Unfortunately I only subscribe to the digest, so I got your notice after my post. Needless to say, I'll be putting together a brand-new *3.4* openSSH lrp tomor

Re: [Leaf-devel] OpenSSH security

2002-06-26 Thread Mike Noyes
On Wed, 2002-06-26 at 08:08, Mike Noyes wrote: > On Wed, 2002-06-26 at 07:05, David Douthitt wrote: > > Sounds like the bug isn't "fixed" but a work-around exists... > > David, > You're correct. There is a list of recent security advisories on this > at: > http://www.linuxsecurity.com/advisories

Re: [Leaf-devel] OpenSSH security

2002-06-26 Thread Mike Noyes
On Wed, 2002-06-26 at 07:05, David Douthitt wrote: > On Mon, Jun 24, 2002 at 03:14:39PM -0700, Mike Noyes wrote: > > > There is a problem with OpenSSH. > > > > [Fwd: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability] > > Theo de Raadt announced that the OpenBSD team is working with ISS > >

Re: [Leaf-devel] OpenSSH security

2002-06-26 Thread David Douthitt
On Mon, Jun 24, 2002 at 03:14:39PM -0700, Mike Noyes wrote: > There is a problem with OpenSSH. > > [Fwd: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability] > Theo de Raadt announced that the OpenBSD team is working with ISS > on a remote exploit for OpenSSH (a free implementation of th