You can get backported Red Hat RPMs from ftp://updates.redhat.com
--
Chris Purcell, RHCE
> http://zdnet.com.com/2100-1105_2-5077796.html?tag=zdfd.newsfeed
>
> http://openssh.org/
>
> You can get the source from http://openssh.org. Good luck finding the
> rpms. Let us know where you find them.
>
http://zdnet.com.com/2100-1105_2-5077796.html?tag=zdfd.newsfeed
http://openssh.org/
You can get the source from http://openssh.org. Good luck finding the
rpms. Let us know where you find them.
Hello all!
I just saw a post on Bugtraq from ISS X-Force about the OpenSSH vulnerability.
Here is an interesting excerpt:
-
ISS X-Force recommends that system administrators disable unused OpenSSH
authentication mechanisms. Administrators can remove this vulnerability
by disabling the
Words by Chavez Gutierrez, Freddy [Wed, Jun 26, 2002 at 09:11:52AM -0500]:
> >the best thing to do is to upgrade to 3.3 and activate
> >priv separation.
>
> I already upgraded OpenSSH to version 3.3 but,
> how can I activate Priv Separation? Thanks.
>
On the /etc/ssh/sshd_config put/alter to
On Wed, Jun 26, 2002 at 09:11:52AM -0500, Chavez Gutierrez, Freddy wrote:
>
> I already upgraded OpenSSH to version 3.3 but,
> how can I activate Priv Separation? Thanks.
add this line to /etc/ssh/sshd_config and restart sshd:
UsePrivilegeSeparation yes
Emmanuel
__
Title: RE: OpenSSH Vulnerability...activate Priv Separation ??
>the best thing to do is to upgrade to 3.3 and activate
>priv separation.
I already upgraded OpenSSH to version 3.3 but,
how can I activate Priv Separation? Thanks.
Freddy Chavez.
On Wed, Jun 26, 2002 at 06:32:22AM -0700, Jonathan Bartlett wrote:
>
> Oh, yes, and does PAM work?
This is what I get in /var/log/messages after upgrading to 3.3p1 .
[root@munshine ssh]# tail -4 /var/log/messages
Jun 26 15:23:43 munshine sshd[31340]: Server listening on 0.0.0.0 port 22.
Jun 26 15
On Wed, Jun 26, 2002 at 09:01:30AM -0400, Thomas Porter wrote:
>
> 1.I activated privilege separation as recommended.
> 2.I added 'Compression off' to sshd config file.
Humm.. The man for ssh_config says the argument must be "yes" or "no".
Setting it to "no" made it work here. Thanks, T
Oh, yes, and does PAM work?
Jon
On Wed, 26 Jun 2002, Thomas Porter wrote:
> On Wed, Jun 26, 2002 at 10:15:44AM +0200, Emmanuel Seyman thoughtfully expounded:
> > FWIW, after reading Theo's post, I downloaded OpenSSH 3.3 and installed
> > it on my machine. I activated priv separation, restarted
Compiled with or without PAM?
On Wed, 26 Jun 2002, Thomas Porter wrote:
> On Wed, Jun 26, 2002 at 10:15:44AM +0200, Emmanuel Seyman thoughtfully expounded:
> > FWIW, after reading Theo's post, I downloaded OpenSSH 3.3 and installed
> > it on my machine. I activated priv separation, restarted ssh
On Wed, Jun 26, 2002 at 10:15:44AM +0200, Emmanuel Seyman thoughtfully expounded:
> FWIW, after reading Theo's post, I downloaded OpenSSH 3.3 and installed
> it on my machine. I activated priv separation, restarted ssh and tried
> to scp a file from my machine. It failed. I downgraded back to the
On Tue, Jun 25, 2002 at 04:00:40PM -0700, David Talkington wrote:
>
> Emmanuel Seyman wrote:
>
> >- We only have Theo's word that there is a bug to fix.
>
> That's pretty much the nutshell version (but that last one is a little
> silly -- I don't think it's likely that he's risking his integrit
On Tue, Jun 25, 2002 at 02:33:19PM -0600, Ashley M. Kirchner wrote:
>
> What position would that be? "Everyone to their own? Should they get
> broken into, tough?"
Priv separation (the new feature in OpenSSH we're talking about)
was introduced in OpenSSH 3.3, released 3 days ago.
- It has no
Brian Ashe wrote:
> "You need to get version 3.3 that was just released and could be really
> broken for your distro, spend a great deal of time fixing some of it to
> hopefully reduce the potential damage, lose functionality that some people
> may rely on, require people to modify the way their
Hello Ashley,
Tuesday, June 25, 2002, 4:33:19 PM, you textually orated:
AMK> David Talkington wrote:
>> This will be complicated, and I don't envy Red Hat's (and other
>> vendors') position.
AMK> What position would that be? "Everyone to their own? Should they get
AMK> broken into, tough
David Talkington wrote:
> This will be complicated, and I don't envy Red Hat's (and other
> vendors') position.
What position would that be? "Everyone to their own? Should they get
broken into, tough?"
--
W | I haven't lost my mind; it's backed up on tape somewhere.
+---
Ray Parish wrote:
>3.2.3p1-3 is the latest on Rawhide.
>Hopefully something soon, RedHat?
This will be complicated, and I don't envy Red Hat's (and other
vendors') position. Upgrading alone isn't sufficient at this point; a
potentially problematic
3.2.3p1-3 is the latest on Rawhide.
Hopefully something soon, RedHat?
Ray
- Original Message -
From: "Ashley M. Kirchner" <[EMAIL PROTECTED]>
To: "Red Hat Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 25, 2002 2:54 PM
Subject: OpenSSH Vulnerabili
Can we expect a new release any time soon? OpenSSH.org is urging everyone
to upgrade to 3.3. RH's latest release is 3.1p1...
--
W | I haven't lost my mind; it's backed up on tape somewhere.
+
Ashley M. Kirchner
Peter Peltonen wrote:
>I am using the openssh-2.5.2p2-1 RPMs downloaded from the OpenSSH download
>site.
>
>I am not using the RPMs that came with RH7. So, the question is: Are the RPMs
>that I'm using safe or should I upgrade to the ones that RH recently updat
I am using the openssh-2.5.2p2-1 RPMs downloaded from the OpenSSH download
site.
I am not using the RPMs that came with RH7. So, the question is: Are the RPMs
that I'm using safe or should I upgrade to the ones that RH recently updated?
I'm using the same version on both RH6.2 and RH7 -- if I n