Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

SSH security hole and fix System
If you run SSH on OS X PB, there's a new report on a number of websites of a security hole in versions under 2.3.0. You can either attempt to install OpenSSH 2.3 (available from the OpenSSH web site), or you can disable the SSH1 protocol, which is where the security hole exists.

To disable SSH1, start a terminal session, enter su and your root password, and edit the file /etc/sshd_config. You may want to back it up first (cp sshd_config sshd_config_old), just in case. Change the line that reads #Protocol 2,1 to simply Protocol 2. Remember to take out the '#', otherwise the line is still commented out! Save your changes and exit the editor.

The last step is to generate a host DSA key, while still logged in as root. Type ssh-keygen -d and wait for the prompted save location. Type "/etc/ssh_host_dsa_key" as your response, and then enter two "return" keystrokes when asked for the passphrase.

Now either 'kill' and restart sshd, or restart the computer, and you should be good to go. If you had been using NiftyTelnet SSH (an SSH1 client) to connect to your box, it will no longer work. You'll have to use MacSSH, which is an SSH2 client ... or just use the UNIX command line, if you're coming from another OS X or UNIX box.
  • Currently 3.00 / 5
  You rated: 4 / 5 (6 votes cast)

SSH security hole and fix | 2 comments | Create New Account
Click here to return to the 'SSH security hole and fix' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Clearing up some confusion
Authored by: Anonymous on Feb 13, '01 08:13:46PM
Mac OS X public beta ships with OpenSSH 2.1.1, not OpenSSH 2.3.0, which is the newest version of that software. SSH 2.3 (now at 2.4) is a different product then OpenSSH 2.3. The former is a commercial product, the latter is free and an open source community product. - Scott

[ Reply to This | # ]
more info, tutorial
Authored by: patpro on Mar 01, '01 03:56:29AM has a very good tutorial that should allow you to compile the latest OpenSSH release. I succesfully built the 2.5.1p1 last evening

[ Reply to This | # ]