From owner-freebsd-security  Thu Jan 20  7: 0: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vtopus.cs.vt.edu (vtopus.cs.vt.edu [128.173.40.24])
	by hub.freebsd.org (Postfix) with ESMTP id CFAC014DB4
	for <freebsd-security@FreeBSD.ORG>; Thu, 20 Jan 2000 06:59:58 -0800 (PST)
	(envelope-from dhagan@cs.vt.edu)
Received: from localhost (dhagan@localhost)
	by vtopus.cs.vt.edu (8.9.1a/8.9.1) with ESMTP id JAA22135;
	Thu, 20 Jan 2000 09:59:48 -0500 (EST)
Date: Thu, 20 Jan 2000 09:59:48 -0500 (EST)
From: Daniel Hagan <dhagan@cs.vt.edu>
To: sen_ml@eccosys.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
In-Reply-To: <20000120160325Z.1000@eccosys.com>
Message-ID: <Pine.OSF.4.21.0001200957260.9336-100000@vtopus.cs.vt.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 20 Jan 2000 sen_ml@eccosys.com wrote:

> not necessarily.  if you perform a successful denial-of-service attack
> of a certain type on one of your allowed hosts, and you know a
> password to get in to the server running the ssh daemon, then you can
> manage i think.

Isn't the RootLogin NoPwd (sp) setting there for this scenario?

Daniel

-- 
Daniel Hagan                                             Computer Science CSE
dhagan@cs.vt.edu                                http://www.cs.vt.edu/~dhagan/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message