[Gllug] SSH is Not Secure!
home at alexhudson.com
home at alexhudson.com
Wed Jul 25 12:07:37 UTC 2001
On Tue, Jul 24, 2001 at 11:42:36PM +0000, Mike Brodbelt wrote:
> > Oh. If that's the case I must have misunderstood the bugtraq thread :(
>
> You didn't. The major bug is that the affected commercial SSH version
> makes no attempt to check for *'d accounts.
I have to admit, my first response seems a little naive now - I thought SSH
on Linux would use PAM.
That's pretty poor if it doesn't (by default, that is - I'll eat my hat if
it can't be configured for PAM authentication).
Cheers,
Alex.
--
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list