Re: HEAD's UP: possible 0day SSH exploit in the wild

To: Jim Popovitch <jimpop@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: HEAD's UP: possible 0day SSH exploit in the wild
From: Roger Bumgarner <roger.bumgarner@gmail.com>
Date: Wed, 8 Jul 2009 14:03:57 -0700
Message-id: <[🔎] 235a4bf70907081403s7e2b9aadpa1d21e289d940211@mail.gmail.com>
In-reply-to: <[🔎] f971bab40907080937v33884e78nce8291d34140f3de@mail.gmail.com>
References: <[🔎] 4A53AD2B.4080500@techsupport.lt> <[🔎] 4A53B1CF.509@abi007.info> <[🔎] f9971d420907071415m306cb47bhad3619ee288b20e4@mail.gmail.com> <[🔎] a701f7720907071420q43aaf21er63e3d405a184c1fa@mail.gmail.com> <[🔎] f9971d420907080736w4c2d31bbh441825661979d2b6@mail.gmail.com> <[🔎] 20090708143825.GF2565@gamma.logic.tuwien.ac.at> <[🔎] f9971d420907080811ob5aa5a2i68f611f65aaf8b1f@mail.gmail.com> <[🔎] 5344ee8d0907080814x1a155b54n8298267c13b5b86d@mail.gmail.com> <[🔎] 235a4bf70907080933i33b77b67t4f72e489313e26a1@mail.gmail.com> <[🔎] f971bab40907080937v33884e78nce8291d34140f3de@mail.gmail.com>

As far as I know, it does keys first then falls back to passwords. I'd
imagine PAM could help, but I'm not knowledgeable enough in regards to
that. I know you're only limited by your imagination when it comes to
PAM authentication. SSH-keys can (and should!) be password-protected
already.

-rb

On Wed, Jul 8, 2009 at 9:37 AM, Jim Popovitch<jimpop@gmail.com> wrote:
> On Wed, Jul 8, 2009 at 09:33, Roger Bumgarner<roger.bumgarner@gmail.com> wrote:
>> ALLOW rules and SSH-keys.
>
> Is there a way to force keys AND passwd verification?
>
> -Jim P.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Reply to:

Follow-Ups:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Noah Meyerhans <noahm@debian.org>

References:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: "Ramunas / techsupport.lt" <ramunas@techsupport.lt>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Justus <justus@abi007.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Leandro Minatel <leandrominatel@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Jeroen van Drongelen <jeroen@naturewebdesign.eu>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Leandro Minatel <leandrominatel@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Norbert Preining <preining@logic.at>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Leandro Minatel <leandrominatel@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Rafael Moraes <rafael@bsd.com.br>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Roger Bumgarner <roger.bumgarner@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Jim Popovitch <jimpop@gmail.com>

Prev by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Previous by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Index(es):
- Date
- Thread