If you run SSH on OS X PB, there's a new report on a number of websites of a security hole in versions under 2.3.0. You can either attempt to install OpenSSH 2.3 (available from the OpenSSH web site), or you can disable the SSH1 protocol, which is where the security hole exists.
To disable SSH1, start a terminal session, enter su and your root password, and edit the file /etc/sshd_config. You may want to back it up first (cp sshd_config sshd_config_old), just in case. Change the line that reads #Protocol 2,1 to simply Protocol 2. Remember to take out the '#', otherwise the line is still commented out! Save your changes and exit the editor.
The last step is to generate a host DSA key, while still logged in as root. Type ssh-keygen -d and wait for the prompted save location. Type "/etc/ssh_host_dsa_key" as your response, and then enter two "return" keystrokes when asked for the passphrase.
Now either 'kill' and restart sshd, or restart the computer, and you should be good to go. If you had been using NiftyTelnet SSH (an SSH1 client) to connect to your box, it will no longer work. You'll have to use MacSSH, which is an SSH2 client ... or just use the UNIX command line, if you're coming from another OS X or UNIX box.
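The config edit from the steps above can be scripted so the backup, the change and a check that the line is really uncommented happen together. This is an added example, not part of the original hint; the function names are made up for illustration, and it assumes (as the hint implies) that a missing or commented-out Protocol line leaves SSH1 enabled.

```shell
#!/bin/sh
# Added example: scripts the sshd_config edit described above.
# Function names are illustrative. The host key generation and the sshd
# restart remain the manual steps from the text.

# Print the value of the first active (uncommented) Protocol line.
# sshd uses the first value it reads for a keyword.
active_protocol() {
    awk 'tolower($1) == "protocol" { print $2; exit }' "$1"
}

# Exit 0 only when the file explicitly pins sshd to protocol 2.
# Assumption: a missing or commented-out line means SSH1 is still allowed.
ssh2_only() {
    [ "$(active_protocol "$1")" = "2" ]
}

# Back up the file as <name>_old, then leave exactly one "Protocol 2" line.
disable_ssh1() {
    conf=$1
    if ssh2_only "$conf"; then return 0; fi      # already done
    cp -p "$conf" "${conf}_old" || return 1
    tmp="${conf}.tmp.$$"
    awk '
        # A Protocol setting, commented out or not (e.g. "#Protocol 2,1").
        /^[ \t]*#?[Pp]rotocol[ \t]+[0-9,]+[ \t]*$/ {
            if (!done) { print "Protocol 2"; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Protocol 2" }     # no such line: append
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp" && ssh2_only "$conf"
}

# Usage: sh disable_ssh1.sh /etc/sshd_config   (as root)
if [ $# -gt 0 ]; then
    disable_ssh1 "$1" && echo "Protocol 2 set in $1"
fi
```

Running it a second time changes nothing, because the file already passes the ssh2_only check.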