[ale] ssh remote root exploit :-(

Jim Popovitch jimpop at rocketship.com
Tue Jun 25 21:47:40 EDT 2002


One more thing...

Set "PermitRootLogin no" in your /etc/ssh/sshd_config file and restart the
sshd daemon.

-Jim P.


> -----Original Message-----
> From: Jim Popovitch [mailto:jimpop at rocketship.com]
>
> One thing everyone can do is to move the ssh port to some arbitrary port
> number.  Anyone who wants to sweep for ssh vulnerabilities will have their
> hands full for a while looking for machines on port 22.
>
> Here's how you do it...
>
> Edit /etc/ssh/sshd_config and change the port line from 22 to a number not
> referenced in /etc/services.  I would suggest something greater than 30,000
> and less than 65,535.
>
> Next restart sshd by running /etc/init.d/ssh restart or
> /etc/rc.d/init.d/ssh restart (depending on your distro it may be
> init.d/sshd or init.d/ssh).
>
> Then test it out by ssh'ing to the new port:
>
>    ssh -p 30303 localhost
>
>
>
> -Jim P.
>
> > -----Original Message-----
> > From: Jonathan Rickman
> >
> > Everyone should be aware that this new version does not fix the
> > vulnerability. It only reduces the risk since the attacker can only
> > gain access to the sshd account due to the new privilege separation
> > feature. This could still ruin your day if your system is miles away and
> > ssh is your only means of accessing it.
> >
> > Just a reminder not to get too comfortable yet :)
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
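
A check for the two settings recommended in this thread, as an added example that is not part of the original messages. The function name `audit_sshd`, the sample files and the `example 31337/tcp` services entry are constructed for illustration, and parsing stops at the first `Match` block as a simplification.

```shell
#!/bin/sh
# audit_sshd CONFIG SERVICES: print one OK:/WARN: finding per line.
audit_sshd() {
    cfg=$1 services=$2
    # sshd keywords are case-insensitive and may use "keyword=value".
    # For PermitRootLogin the first value found wins; Port may repeat.
    root=$(awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$cfg")
    ports=$(awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2 }' "$cfg")

    case $root in
        no) echo "OK: PermitRootLogin no" ;;
        '') echo "WARN: PermitRootLogin not set, built-in default applies" ;;
        *)  echo "WARN: PermitRootLogin $root" ;;
    esac

    # With no Port line at all, sshd listens on 22.
    [ -n "$ports" ] || ports=22
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "WARN: Port $p is not a number"; continue ;;
        esac
        if [ "$p" -eq 22 ]; then
            echo "WARN: Port 22 is the default port"
        elif [ "$p" -le 30000 ] || [ "$p" -ge 65535 ]; then
            echo "WARN: Port $p is outside the suggested 30,000-65,535 range"
        elif grep -Eq "[[:space:]]$p/(tcp|udp)" "$services"; then
            echo "WARN: Port $p is listed in the services file"
        else
            echo "OK: Port $p"
        fi
    done
}

# Constructed sample input (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 30303' 'PermitRootLogin no' > "$demo_dir/good"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/bad"
printf '%s\n' 'ssh 22/tcp' 'example 31337/tcp' > "$demo_dir/services"

audit_sshd "$demo_dir/good" "$demo_dir/services"
audit_sshd "$demo_dir/bad" "$demo_dir/services"
```

On a real host the call would be `audit_sshd /etc/ssh/sshd_config /etc/services`, run before restarting sshd.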

