* Konstantin (Kastus) Shchuka (kastus@tsoft.com) [020626 10:45]:
I installed openssh 3.3 using YOU and it did not add this line to sshd_config. According to www.openssh.org, it's the default in v3.3. Is it correct?
This has been discussed on suse-security quite a bit and there's a new announcement regarding this today: http://lists.suse.com/archive/suse-security-announce/2002-Jun/0006.html UsePrivilegeSeparation wasn't enabled by default because it was judged to be too new and untested to be relied on as a workaround (and it can cause problems with pam, etc.). Olaf Kirch, who is handling this advisory, has posted the following about it: http://lists.suse.com/archive/suse-security/2002-Jun/0373.html http://lists.suse.com/archive/suse-security/2002-Jun/0394.html In short, it's still not clear what's really going on and, to be on the safe side, sshd should either be shutdown completely or have its access restricted with iptables/ipchains until it's all sorted out. -- -ckm