Date:      Wed, 26 Jun 2002 23:30:02 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Lord Raiden <raiden23@netzero.net>
Cc:        FreeBDS-Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: OpenSSH 3.4 available??
Message-ID:  <20020626223002.GA68946@happy-idiot-talk.infracaninophi>
In-Reply-To: <4.2.0.58.20020626142109.0095b880@pop.netzero.net>
References:  <4.2.0.58.20020626142109.0095b880@pop.netzero.net>

On Wed, Jun 26, 2002 at 02:22:19PM -0400, Lord Raiden wrote:

> 	Is OpenSSH 3.4 available now in the ports?  Cause the
> announcement about it just went out on Slashdot and Bugtraq a day
> early.  So I need to hurry up and get on the ball with finishing my
> upgrade.  Thanks all.

Actually folks, if you read the text of the announcement --- it's at
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
amongst other places, you'll find that the original notification was
rather more wide-ranging than the actual scope of the vulnerability.

It turns out that there is a very simple workaround for virtually all
OpenSSH versions that will tide you over until 3.4 is released.
Disable challenge response authentication --- that means opie or S/Key
one time passwords to ordinary mortals --- by setting:

ChallengeResponseAuthentication no

in /etc/ssh/sshd_config

Turns out you don't even need to do that for the original OpenSSH-2.9 in
4.x-STABLE, or so says the FreeBSD Security Officer on freebsd-security:

http://www.geocrawler.com/lists/3/FreeBSD/169/75/9034599/

Note that the recommendation is still to install OpenSSH 3.4 when it
becomes available, but that there's no need to rush it into use
immediately.

One panic is over, but the next one is not far
behind. FreeBSD-SA-02:28.resolv just out today...

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
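
Added example, not part of the original message or of OpenSSH: a shell check that reports whether the ChallengeResponseAuthentication workaround described above is actually in effect in a given sshd_config. The function names and the sample file are constructed for illustration; the check assumes that the first value given for a keyword is the one used and that an unset keyword defaults to "yes".

```shell
#!/bin/sh
# Added example (not from the original message): audit sshd_config for the
# ChallengeResponseAuthentication workaround.
# Assumptions: keywords are case-insensitive, the first value given for a
# keyword is the one sshd uses, and an unset keyword defaults to "yes".

# Print the effective value for the keyword in the file named by $1.
cra_effective() {
    awk '
        { sub(/=/, " ") }                  # allow "keyword=value"
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        tolower($1) == "challengeresponseauthentication" {
            print $2; found = 1; exit      # first occurrence wins
        }
        END { if (!found) print "yes" }    # assumed default when unset
    ' "$1"
}

# Return 0 only when the workaround is in effect.
cra_disabled() {
    [ "$(cra_effective "$1")" = "no" ]
}

# Constructed sample: the commented-out "no" does not count, and the later
# "no" is shadowed by the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ChallengeResponseAuthentication no
Port 22
challengeresponseauthentication yes
ChallengeResponseAuthentication no
EOF

if cra_disabled "$sample"; then
    echo "workaround in effect"
else
    echo "challenge-response still enabled: $(cra_effective "$sample")"
fi
rm -f "$sample"
```

To audit a live host, call cra_disabled /etc/ssh/sshd_config; a changed file only takes effect once sshd has re-read its configuration.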
