I have a dilemma. I want to open the SSH port to the world and I need some information about the secuirty of SSH. Are there any outstanding security issues with the latest version of SSH other then the PRNG exploit of SSL? I have very tight secuirty on SSH itself, security related to best practices (TCP-Wrappers allowing in 1 IP, the box is tight except for non-essential services, StrictMode for password is turned on, the password is good for the one user who can get in, etc). I need to convince management that I should be able to leave it open. I searched Security-Focus but had trouble finding anything (which is good). Any info you can give me would be good. Ben Ricker
