[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Portable OpenSSH Security Advisory: sshpam.adv



--> There is also a "Hosts" directive to restrict logins to specific
IP addresses.
It is not documented and when I tried it (on a box running OpenSSH_3.4p1) sshd start failed, complaining about the Hosts directive (perhaps I formatted it incorrectly).

I did get it working with the AllowUsers directive:

AllowUsers *@*.my.domain

Using this method I find that it still gives the user a login prompt (but always rejects their login unless they are within *.my.domain). Assuming I can trust all machines in *.my.domain, will this actually protect from the vulnerability? At what point in the connection process does the exploit occur - presumably prior to login?

--
  Simon Oliver


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here