From owner-freebsd-security@FreeBSD.ORG Thu Sep 23 07:26:41 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A92216A4F7 for ; Thu, 23 Sep 2004 07:26:41 +0000 (GMT) Received: from cleaton.net (cleaton.net [82.138.248.193]) by mx1.FreeBSD.org (Postfix) with SMTP id 68C8C43D41 for ; Thu, 23 Sep 2004 07:26:40 +0000 (GMT) (envelope-from nick@cleaton.net) Received: (qmail 83051 invoked by uid 0); 23 Sep 2004 07:26:38 -0000 Received: from cleaton.net (HELO lt4.cleaton.net) (82.138.248.193) by cleaton.net with SMTP; 23 Sep 2004 07:26:38 -0000 Received: from nick by lt4.cleaton.net with local (Exim 4.30) id 1CAO2S-0000SV-Jg; Thu, 23 Sep 2004 09:29:12 +0200 Date: Thu, 23 Sep 2004 09:29:12 +0200 From: Nick Cleaton To: Chris Ryan Message-ID: <20040923072912.GK5340@lt1.cleaton.net> References: <20040923045229.GJ5340@lt1.cleaton.net> <20040923070809.14655.qmail@web51010.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040923070809.14655.qmail@web51010.mail.yahoo.com> User-Agent: Mutt/1.3.28i cc: freebsd-security@freebsd.org Subject: Re: Attacks on ssh port X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:26:41 -0000 On Thu, Sep 23, 2004 at 05:08:09PM +1000, Chris Ryan wrote: > [SNIP] > > I've patched my sshd so [SNIP] > > so does that mean you have to rebuild ssh everytime > there is a security update for sshd? Yup. An alternative that avoids that would be to run something out of inetd that reads the token and then execs sshd. Nick -- $_='YN8KuE*** http://www.exonetric.com/ Telehouse UK colo ***HARQr**' .'NfzV0YrC1*** GBP40/month +VAT 40G BW no setup fee ***MnjJ**' .'6QvtcPgQ20*** ***nlS**' ;s/(.)(.*(.))/$2.chr(32+(ord($1)+ord$3)%89)/euntil/Foo/;eval#****'