> > > The 6.2 version is commented out, but the 'no' value is what is commented > > out.... > > > > According to some folks on Slashdot and Valhalla-list, they think Red > Hat 7.x is not vulnerable to this exploit because it doesn't appear to > have used that compile time option. > > Can anyone confirm this? I don't know just why, but MY 7.3 isn't volnerable. It has /etc/ssh/sshd_config:ChallengeResponseAuthentication no Just why, I don't know - maybe I changed something, maybe it arrived that way. This particular box was installed as 6.2 then upgraded to 7.1 and/or 7.2 then 7.2 -- Cheers John Summerfield Microsoft's most solid OS: http://www.geocities.com/rcwoolley/ Note: mail delivered to me is deemed to be intended for me, for my disposition. ============================== If you don't like being told you're wrong, be right! _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-devel-list
