From owner-freebsd-questions  Thu Jun 27 15: 4:44 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from out5.mx.nwbl.wi.voyager.net (out5.mx.nwbl.wi.voyager.net [169.207.3.123])
	by hub.freebsd.org (Postfix) with ESMTP id A223037B425
	for <freebsd-questions@FreeBSD.ORG>; Thu, 27 Jun 2002 15:04:31 -0700 (PDT)
Received: from shell.core.com (shell.core.com [169.207.1.89])
	by out5.mx.nwbl.wi.voyager.net (8.12.3/8.11.4/1.7) with ESMTP id g5RM4RuQ022892;
	Thu, 27 Jun 2002 17:04:27 -0500
Received: from localhost (raiden@localhost)
	by shell.core.com (8.11.6/8.11.6/1.3) with ESMTP id g5RM4Qa07329;
	Thu, 27 Jun 2002 17:04:26 -0500 (CDT)
Date: Thu, 27 Jun 2002 17:04:26 -0500 (CDT)
From: Steven Lake <raiden@shell.core.com>
X-X-Sender: raiden@shell.core.com
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: Steven Lake <raiden@shell.core.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: sshd_config question
In-Reply-To: <20020627211440.GB5504@happy-idiot-talk.infracaninophi>
Message-ID: <Pine.GSO.4.44L0.0206271651470.6057-100000@shell.core.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	Ok, I'm actually using 3.4p1, but I hadn't wiped my old config
file because I wanted to keep some of those customizations for security
reasons.  :)

	But I did add those extra two lines in there from you so as to
make this more secure.

On Thu, 27 Jun 2002, Matthew Seaman wrote:

> On Thu, Jun 27, 2002 at 03:53:38PM -0500, Steven Lake wrote:
>
> > 	HI all.  Quick question.  After doing some reading I noticed
> > something about the openssh vulnerability and I had a question.  Here's my
> > sshd_config file, does it have everything set correctly to be clear of the
> > vulnerability?  Just curious.  Thanks.
>
> Looks like you're using OpenSSH-2.9 as supplied with 4-STABLE.
> According to CERT (http://www.cert.org/advisories/CA-2002-18.html),
> all that is necessary for that version is:
>
>    ChallengeResponseAuthentication no
>
> You're fine.
>
> Later versions (2.9.9 - 3.4p1) should also have:
>
>    PAMAuthenticationViaKbdInt no
>    UsePrivilegeSeparation yes
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> Tel: +44 1628 476614                                  Marlow
> Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message