-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26-Jun-2002/09:38 -0700, Gordon Messmer <[EMAIL PROTECTED]> wrote: >On Wed, 2002-06-26 at 09:05, M A Young wrote: >> In case people haven't seen it, according to >> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 >> You can secure your system from the recent ssh security hole by turning >> off "challenge-response" authentication and restarting sshd. > >Reviewing the announcement, I wonder if this affects Red Hat's OpenSSH >at all... The output of the configure process indicates positively that >the affected BSD Auth and S/KEY authentication mechanisms are not >available (see below), and connecting to a RHL machine with 'ssh -v' >does not indicate that any challenge-response authentication mechanisms >are available.
CERT Advisory CA-2002-18 <http://www.cert.org/advisories/CA-2002-18.html> includes a statement from Red Hat that is consistent with Bill Carlson's look at the RPM spec file. Tony - -- Anthony E. Greene <mailto:[EMAIL PROTECTED]> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/> Linux. The choice of a GNU generation <http://www.linux.org/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene <mailto:[EMAIL PROTECTED]> 0x6C94239D iD8DBQE9Gm7apCpg3WyUI50RAutpAJ4m3iTM6FXFdhsAKnaym8PocLxZvgCg2uNa 5gmYTm/T6l5ErUSwP0YwBco= =vzjv -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
