Hello,
OpenSSH has released 3.4 which addresses these security issues with regard to challenge response configuration options,etc etc... It fixes several other issues; there now exists official advisories from www.cert.org,www.openssh.com, and ISS. Perhaps everyone stop wasting their time with 3.3 and obtain 3.4 which is well supported and documented.
-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Thu 6/27/2002 6:23 AM
To: Nico van Eikema Hommes
Cc: suse-security@suse.com; Olaf Kirch
Subject: Re: [suse-security] OpenSSH 3.3p1, HostBasedAuthentication
> Hi,
>
> For the record, or for others using this feature: the helper program
> "ssh-keysign", needed for HostBasedAuthentication, is missing in the
> OpenSSH 3.3p1 RPM.
Actually, there are many things missing, broken or otherwise braindead in
this package (this is why some people pay for a linux distribution).
Please do not send us the error reports any more. We know that it's
broken. If possible, please downgrade to the openssh-2.9.9p2 package if
you still have it, or await the packages that we publish soon. No promises
wrt the version of these packages.
> Best wishes,
>
> Nico van Eikema Hommes
> --
> Dr. N.J.R. van Eikema Hommes Computer-Chemie-Centrum
> hommes@chemie.uni-erlangen.de Universitaet Erlangen-Nuernberg
> Phone: +49-(0)9131-8526532 Naegelsbachstr. 25
> FAX: +49-(0)9131-8526565 91052 Erlangen, Germany
Grüße,
Roman.
--
- -
| Roman Drahtmüller