[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ssh remote root exploit :-(

Subject: [ale] ssh remote root exploit :-(
From: jimpop at rocketship.com (Jim Popovitch)
Date: Tue, 25 Jun 2002 21:12:46 -0400

One thing everyone can do is to move the ssh port to some arbitrary port
number.  Anyone who wants to sweep for ssh vulnerabilities will have their
hands full for a while looking for machines on port 22.

Here's how you do it...

edit /etc/ssh/sshd_config and change the port line from 22 to a number not
referenced in /etc/services.  I would suggest something greater than 30,000
and less than 65,535.

Next restart sshd by running /etc/init.d/ssh restart or /etc/rc.d/init.d/ssh
restart (depending on your distro it may be init.d/sshd or init.d/ssh).

The test it out by ssh'ing to the new port:

   ssh -p 30303 localhost



-Jim P.

> -----Original Message-----
> From: Jonathan Rickman
>
> Everyone should be aware that this new version does not fix the
> vulnerability. It only reduces the risk since the attacker can only
> gain access to the sshd account due to the new priveledge separation
> feature. This could still ruin your day if your system is miles away and
> ssh is your only means of accessing it.
>
> Just a reminder not to get too comfortable yet :)





---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] Wine
Next by Date: [ale] ssh remote root exploit :-(
Previous by thread: [ale] ssh remote root exploit :-(
Next by thread: [ale] ssh remote root exploit :-(
Index(es):
- Date
- Thread