Slashdot Mirror

← Back to Stories (view on slashdot.org)

The OpenSSH Bug That Wasn't

Posted by timothy on Friday July 24, 2015 @04:27PM from the or-only-kind-of-is dept.

badger.foo writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.

3 of 55 comments (clear)

Min score:

Reason:

Sort:

I love the attitude by Sowelu · 2015-07-24 17:24 · Score: 3, Insightful

I love the attitude of one of the anon commenters: if you don't know enough to configure every single security option on your system right out of the box, you shouldn't have your *nix machine hooked up to the internet. Truly, this is the year of *nix on the desktop.
fixing the configuration is trivial by El_Muerte_TDS · 2015-07-24 18:23 · Score: 4, Insightful

> fixing the configuration is trivial
So trivial that the suggested configuration change is not mentioned anywhere.
However the attitude above is broken by dbIII · 2015-07-24 22:24 · Score: 3, Insightful

disabling root logins has no security benefit at al
Of course it does. That former employee that knows the root password or has the keys can't get to it. The current employee that fat fingers a command to the wrong host can't do much damage. That thief with a stolen laptop can't use a key to get full access remotely. There is a very very long list and it's just inexperience, laziness or lack of sleep that's stopping you from thinking of entries in it.