> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Benjamin J. Weiss > Sent: Thursday, September 16, 2004 11:13 AM > To: jeff@xxxxxxxxxx; General Red Hat Linux discussion list > Subject: Re: SSH attacks ? > > On Thu, 16 Sep 2004, Jeff wrote: > > Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln. > that I dont know about? Anyone got a link? > > > > Jeff check http://www.openssh.com/security.html on a regular basis and yer set. -Tobias > > > > You can do a google, or check out the rpm change log for openssh. I'm not > sure about specific vulnerabiliies on specific versions (I just ensure > that I'm always patched), but I *do* know that version 1 of the ssh > protocol is seriously flawed, and that it's enabled by default on RH > installations. You need to edit /etc/ssh/sshd_config and modify the > Protocol line to only have Protocol 2. > > Piece of trivia: In the second Matrix movie, you'll see Trinity hack into > a computer. She uses a known exploit of the ssh v1 protocol to do it. :) > > Ben > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
