Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [discuss] openssh update
From: Vox (voxgnulinux.org.mx)
Date: Thu Sep 18 2003 - 16:58:39 CDT
On September 1993 plus 3669 days Vincent Danen wrote:
> On Thu Sep 18, 2003 at 04:43:58PM -0500, Vox wrote:
>> >> >> As I said, login works. But the error message is a little bit annoying.
>> >> >
>> >> > Yeah, I can believe that. When time permits, unless someone else has some
>> >> > good ideas, I'll try to figure it out.
>> >> For what is worth, I'm getting the same error on a 9.2-rc2 box with
>> >> all the latest openssh and related updates (I'm not 100% up to date
>> >> with cooker...stupid mirrors) and on my 9.0 firewall (all up to
>> >> date). I use key-only auth on the 9.0 box and password auth on my
>> >> desktop box.
>> > Can you disable privsep for a moment and see if that changes
>> > anything?
>> Didn't change a thing on either box...still erroring on both.
> Ok, well it's good to know that this isn't caused by privsep. As much as I
> dislike the PAM problems it can cause, I dislike not having it even
I agree with you, totally.
>> I think whoever said this was the "fix" for the timing attack from a
>> few months ago is right...and if it's true, the openssh people
>> should be shot.
> Could very well be. And if that's the case, there isn't much we can do
> about it.
That's what I was afraid of :/
> Mind you, I'm pretty good about keeping openssh current in updates anyways,
> so if a 3.7.2 or 3.8 fixes this (and becomes stable), it'll likely make it's
> way into updates.
> I guess that's the nice thing about handling updates and being the openssh
> maintainer at the same time... =)
hehehe yup, it is :)
Think of the Linux community as a niche economy isolated by its beliefs. Kind
of like the Amish, except that our religion requires us to use _higher_
technology than everyone else. -- Donald B. Marti Jr.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----