Re: xz backdoor prevention and hosts.deny?

2024-04-01 Thread Gian Piero Carrubba

* [Sun, Mar 31, 2024 at 09:28:46PM +] Nick Sal:
> With respect to Debian testing, assume we filter SSH access only to a
> subnet using the files hosts.{deny,allow} (see below).
> Would this prevent the attack if a malicious payload was not sent from
> the allowed subnet?


I've not seen any reference to this. One could argue that tcpwrappers'
check should happen at an early stage, so it could have helped. But
that's just speculation and I would consider the system vulnerable
unless someone knowledgeable (I'm not) says otherwise.


> Moreover, would it have helped if additionally allowing only public-key
> authentication for SSH?


All sources I've read agree that this was not sufficient (actually, the 
malicious code resided in the function verifying the key signatures).


Best,
Gian Piero.



External check

2024-04-01 Thread Security Tracker
CVE-2024-2971: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.