"Nathan Angelacos" <[EMAIL PROTECTED]> wrote:

> I've compiled new openSSH 3.4p1 lrps based on J. Nilo's packages.
> Since they are larger than the patch manager limit,
> they are available for download at http://www.nothome.org:8000/

I believe you need to correct your web site. It says that you changed the location of ssh_config in the packages. I believe there are two configuration files with one character different, a d. ssh.lrp contains /etc/ssh/ssh_config. sshd.lrp contains /etc/ssh/sshd_config.

> I'll leave the page up until next Friday (5 Jul 2002.)
>
> The md5 sums for the packages are:
>
> 92395eae01a299a4c5412513482c90b0 sftp.lrp
> 0c9e5948681f5e20ef632e380d4928d1 sshd.lrp
> 0c5124438f4b9a0faca1d37b9f7b8846 sshkey.lrp
> 2087bea66f66ac5f2922551e26723b01 ssh.lrp
>
> Compilation notes are in sshd.lrp, in /var/lib/lrpkg/sshd.notes
>
> I would still be interested in knowing whether sshd should be a standard
> LEAF user, or if you all think not using priv separation is ok, or if a
> standard user (like nobody) should be used.
>

I was reading http://www.openssh.com/txt/preauth.adv under "1. Versions affected: ... OpenSSH 3.4 and later are not affected." They say this is the fourth revision to the document. If the package you compiled fixes this problem and numerous others, then is the idea here just to add additional protection by disabling privileges escalation? Security safeguard on another safeguard may be a good thing. But if privilege separation is not required in 3.4, is it necessary to go through this? I am just trying to sort the issues out here. Any thoughts?

Redhat says they are not vulnerable. http://rhn.redhat.com/errata/RHSA-2002-127.html

I did this in the sshd_config file:

    ChallengeResponseAuthentication no

and was denied service after I applied the Redhat patch. Yes, and it was a remote server too. Snicker. The server has logins disabled and required ssh key access.

Greg Morgan