[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Portable OpenSSH Security Advisory: sshpam.adv
It is not documented and when I tried it (on a box running
OpenSSH_3.4p1) sshd start failed, complaining about the Hosts directive
(perhaps I formatted it incorrectly).
--> There is also a "Hosts" directive to restrict logins to specific
I did get it working with the AllowUsers directive:
Using this method I find that it still gives the user a login prompt
(but always rejects their login unless they are within *.my.domain).
Assuming I can trust all machines in *.my.domain, will this actually
protect from the vulnerability? At what point in the connection process
does the exploit occur - presumably prior to login?
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here