Hello,

OpenSSH has released 3.4 which addresses these security issues with regard to challenge response configuration options, etc. etc... It fixes several other issues; there now exist official advisories from www.cert.org, www.openssh.com, and ISS. Perhaps everyone should stop wasting their time with 3.3 and obtain 3.4 which is well supported and documented.

-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Thu 6/27/2002 6:23 AM
To: Nico van Eikema Hommes
Cc: suse-security@suse.com; Olaf Kirch
Subject: Re: [suse-security] OpenSSH 3.3p1, HostBasedAuthentication

> Hi,
>
> For the record, or for others using this feature: the helper program
> "ssh-keysign", needed for HostBasedAuthentication, is missing in the
> OpenSSH 3.3p1 RPM.

Actually, there are many things missing, broken or otherwise braindead in this package (this is why some people pay for a linux distribution).

Please do not send us the error reports any more. We know that it's broken. If possible, please downgrade to the openssh-2.9.9p2 package if you still have it, or await the packages that we publish soon. No promises wrt the version of these packages.

> Best wishes,
>
> Nico van Eikema Hommes
> --
> Dr. N.J.R. van Eikema Hommes     Computer-Chemie-Centrum
> hommes@chemie.uni-erlangen.de    Universitaet Erlangen-Nuernberg
> Phone: +49-(0)9131-8526532       Naegelsbachstr. 25
> FAX: +49-(0)9131-8526565         91052 Erlangen, Germany

Grüße,
Roman.
--
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //  "You don't need eyes to see, |
  SuSE Linux AG - Security       Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
If you're going to go that way you might want to consider the "commercial" ssh version. It's free for non-commercial use (download it from www.ssh.com). Version 3.2 now, and it seems a lot more stable than openssh.

Ryan Swenson wrote:

> Hello,
>
> OpenSSH has released 3.4 which addresses these security issues with regard to challenge response configuration options, etc. etc... It fixes several other issues; there now exist official advisories from www.cert.org, www.openssh.com, and ISS. Perhaps everyone should stop wasting their time with 3.3 and obtain 3.4 which is well supported and documented.
participants (2)
- Ryan Swenson
- Stefan Suurmeijer