[Gllug] SSH is Not Secure!
Bruce Richardson
brichardson at lineone.net
Wed Jul 25 13:46:25 UTC 2001
On 7/25/01, 12:07:37 PM, home at alexhudson.com wrote regarding Re:
[Gllug] SSH is Not Secure!:
> On Tue, Jul 24, 2001 at 11:42:36PM +0000, Mike Brodbelt wrote:
> > > Oh. If that's the case I must have misunderstood the bugtraq thread :(
> >
> > You didn't. The major bug is that the affected commercial SSH version
> > makes no attempt to check for *'d accounts.
> I have to admit, my first response seems a little naive now - I
thought SSH
> on Linux would use PAM.
> That's pretty poor if it doesn't (by default, that is - I'll eat my
hat if
> it can't be configured for PAM authentication).
Umph. That was my thought. Yet another reason to use openssh.
--
Bruce
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list