[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Portable OpenSSH Security Advisory: sshpam.adv

Hi !

> > Independently from hosts.allow, access can be restricted in sshd_config,
> Is that via the AllowUsers option?  Would this help protect against the
> current security vulnerabilities?
--> There is also a "Hosts" directive to restrict logins to specific
IP addresses. It definitely helps you to restrict the number of
IPs and users that can connect, but it does not really protect you
against the security vulnerability. Because if someone connects from
an allowed IP with an allowed user name, he can exploit the
vulnerability. But of course chances for this are much smaller than if
everybody can try.


Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here