[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Clarification on SSH access

Subject: Re: [cobalt-users] Clarification on SSH access
From: Fraser Campbell <fraser@xxxxxxxxxxx>
Date: Thu Mar 1 15:29:32 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Regarding, OpenSSH Server Release 2.1.1p2 ...

Peter Low <peterlow@xxxxxxxxxxxxxxxxxx> writes:

> First, I don't think you needed to install the client release.
> 
> Second, you don't mention starting up sshd.  Make sure you have done so.
> 
> Third,  PuTTY is trying to access telnet, not SSH.  In the session screen, 
> make sure you have SSH selected as your protocol.  It should connect to 
> port 22.
> 
> Fourth, I'd recommend logging in as a user, then using "su" to change to root.

Fifth, don't install that package at all.  OpenSSH versions prior to 2.3.0
have known, and widely publicised, security issues.  There is even a 2.5.1
version now ... if you're installing SSH go with 2.5.1.

http://www.openssh.com/security.html:

    A buffer overflow in the CRC32 compensation attack detector can lead to
    remote root access. This problem has been fixed in OpenSSH
    2.3.0. However, versions prior to 2.3.0 are vulnerable." 

-- 
fraser campbell <fraser@xxxxxxxxxxx>                          starnix inc.
tollfree: (905) 771-0017                        thornhill, ontario, canada
http://www.starnix.com/             professional linux services & products

References:
- Re: [cobalt-users] Clarification on SSH access
  - From: Peter Low

Prev by Date: Re: [cobalt-users] Port 617?
Next by Date: [cobalt-users] Syntax (IP blocking) hosts.deny..?
Previous by thread: Re: [cobalt-users] The List Lives!
Next by thread: [cobalt-users] forwarding mail

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index