Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] Portable OpenSSH Security Advisory: sshpam.adv
  • From: Armin Schoech <armin.schoech@xxxxxx>
  • Date: Wed, 24 Sep 2003 12:06:21 +0000 (GMT)
  • Message-id: <Pine.LNX.4.44.0309241201190.3053-100000@xxxxxxxxxxxxxxxxxxxxx>
Hi !

> > Independently from hosts.allow, access can be restricted in sshd_config,
> Is that via the AllowUsers option? Would this help protect against the
> current security vulnerabilities?
>
--> There is also a "Hosts" directive to restrict logins to specific
IP addresses. It definitely helps you to restrict the number of
IPs and users that can connect, but it does not really protect you
against the security vulnerability. Because if someone connects from
an allowed IP with an allowed user name, he can exploit the
vulnerability. But of course chances for this are much smaller than if
everybody can try.

Bye,
Armin

--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50



< Previous Next >
Follow Ups
References