Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenSSH vulnerability

On 28.6.2002 6:18 Uhr, "Michael G. Schabert" <email@hidden> wrote:

> OpenSSH has not even come up with a fix for their bug yet. However,
> if you want to make your system invulnerable to the exploit,
> UNcomment line 50 in /etc/sshd_config.

Oh yes they did June 26:
<http://www.openssh.org>

For these people which tweaked their /etc/sshd_conf already and the
linenumbers Mike posted doesn't match, here are the two configuration
options which provide a quick workarround for the vulnrability:

ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt no

Besides this, OpenSSH 3.4p1 compiles just fine ON OSX.
Here is how I have used configure before compiling:

./configure --without-rsh --prefix=/usr --mandir=/usr/share/man
--sysconfdir=/private/etc
(above is one line)

Then you'd have to:
mkdir /var/empty
chown root.sys /var/empty
chmod 755 /var/empty

And add a User and Group called sshd via Netinfo. Make the user sshd's
homedirectory /var/empty and her shell /bin/false

After that, and only after that is done, do a make; make install and you're
pretty much set. Or just wait for SoftwareUpdate to provide a Fix and
destroy your Sedmail capabilities again ;-)

--
Stefan Seiz
Spamto: <email@hidden>

Stefan Seiz

DO NOT GIVE OUR ADDRESS TO THIRD PARTIES, WE HATE JUNK-MAIL
_________________________________________________________________
Stefan Seiz | Fon +49 (0)700 STEFSEIZ
| Fax +49 (0)7166 918699
Marstallstr. 32/1 | Mobile +49 (0)172 / 7103366
D-73033 Gvppingen |
Germany | Spamto: email@hidden
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.