Date: Mon, 3 Dec 2001 18:47:18 -0800 (PST) From: Holtor <holtor@yahoo.com> To: Chris Johnson <cjohnson@palomine.net> Cc: security@freebsd.org Subject: Re: OpenSSH Vulnerability Message-ID: <20011204024718.74912.qmail@web11601.mail.yahoo.com> In-Reply-To: <20011203213708.A88390@palomine.net>
next in thread | previous in thread | raw e-mail | index | archive | help
It is enabled here: /usr/src/crypto/openssh/sshd_config Thats the only sshd_config in /usr/src besides the one in picobsd so I figure its what should be used when upgrading a system. I don't think mergemaster updates anything in /etc/ssh because nothing exists in /usr/src/etc/ssh -- probably am wrong though. Just wondering also how people go about updating their sshd_config. I know there was many changes when freebsd changed from openssh 2.3.0 to openssh 2.9. Holt --- Chris Johnson <cjohnson@palomine.net> wrote: > On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor > wrote: > > Is freebsd's SSH vulnerable to this? > > > > http://www.securityfocus.com/archive/1/243430 > > > > The advisory says all versions prior to 2.9.9 are > > vulnerable and I see sftp-server is on by default > in > > freebsd's sshd_config > > How do you figure that? I see: > > # Uncomment if you want to enable sftp > #Subsystem sftp /usr/libexec/sftp-server > > in my /etc/ssh/sshd_config file, and the sshd man > page says, "By default no > subsystems are defined." > > Chris Johnson > > ATTACHMENT part 2 application/pgp-signature __________________________________________________ Do You Yahoo!? Buy the perfect holiday gifts at Yahoo! Shopping. http://shopping.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011204024718.74912.qmail>