[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Portable OpenSSH Security Advisory: sshpam.adv
openssh can be compiled with tcp-wrappers support and then an entry put in
sshd: 192.168.1. : ALLOW
compile openssh with the following option
./configure --with -tcp-wrappers
On Wednesday 24 September 2003 08:56, Simon Oliver wrote:
> > --> There is also a "Hosts" directive to restrict logins to specific
> > IP addresses.
> It is not documented and when I tried it (on a box running
> OpenSSH_3.4p1) sshd start failed, complaining about the Hosts directive
> (perhaps I formatted it incorrectly).
> I did get it working with the AllowUsers directive:
> AllowUsers *@*.my.domain
> Using this method I find that it still gives the user a login prompt
> (but always rejects their login unless they are within *.my.domain).
> Assuming I can trust all machines in *.my.domain, will this actually
> protect from the vulnerability? At what point in the connection process
> does the exploit occur - presumably prior to login?
> Simon Oliver
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here