On Wed, 26 Jun 2002, Max Horn wrote: > At 12:23 Uhr -0400 26.06.2002, Chris Devers wrote: > >[This is really aimed at fink-devel, but I've cc'ed -users too as > >I'm not sure if I'm properly subscribed to -devel at the moment...] > > Ugh, not good, in that case only send to fink-users, but please don't > cross post unless it is absolutly necessary, and then, send the > messages seperatly to each list. > > >There's a remote security exploit in versions of OpenSSH prior to > >this week's release of 3.4.
[snip] > Yes. However, please folks, don't spread panic. > ChallengeResponseAuthentication is off by default, and only when it > is on does any danger exist. Hence for the vast majority of SSH users > there is *NO* risk involved currently. Of course an updated package > will be put out shortly, but it's not all that bad as one might get > the impression. Huh? ChallengeResponseAuthentication is off by default on Mac OS X? I am not sure, but AFAIK it is on by default in most OSes.. (as of version 3.0 or something) So this *IS* something to worry about. I just looked at the stock sshd_config file from Mac OSX and the line to turn ChallengeResponseAuthentication off is commented out. However, it does say "no" on that line. When you install openssh manually it says "yes" but is commented out because it is on by default, but you can uncomment and change to no. So I have no clue how Apple has it set up... -- Joe Laffey | Want to convert subnet masks between different LAFFEY Computer Imaging | notations, or figure the number of IPs in a block? St. Louis, MO | Whatmask-It's FREE - www.laffeycomputer.com/wm.html ------------------------------------------------------------------------------ ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Fink-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-users
