Jussi Ekholm wrote:
> The same answer as a luser and as a root. What should I deduct from
> this? It's just so weird as I'm not running NFS, NIS or any other
> thingie that should use this port...
You said "what would try to connect to my system's port [...] 111
from within my own system". I w
On Thursday 17 October 2002 05:03 am, Orlando wrote:
> Not sure if this is real.
>
> He's using a hushmail account to post to the lists which is somewhat
> suspicious.
> He claims to have attached the binary but no one seems to have a copy of
> it. Some co-workers and other people have asked for a
Hi!
http://therapy.endorphin.org/secpack_0.1-1.deb implements a simple cron
based daily security update with signature checking using a modified version
of ajt's apt-check-sigs.
Feedback is appreciated. CC please, /me not on list.
Regards, Clemens
I don't understand the need for this.
Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
sufficient to keep a debian system secure and updated?
On Friday 18 October 2002 06:58 am, Fruhwirth Clemens wrote:
> Hi!
>
> http://therapy.endorphin.org/secpack_0.1-1.deb implements
On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
> I don't understand the need for this.
>
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> sufficient to keep a debian system secure and updated?
It'll get to you when you have 200+ debian systems spread across the
On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> sufficient to keep a debian system secure and updated?
Because a hacked mirror could contain malicious packages.
When you check signatures before upgradin
On Fri, 18 Oct 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
> I don't understand the need for this.
>
> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> sufficient to keep a debian system secure and updated?
As pointed out several times in the past Debian has not fu
On Fri, 2002-10-18 at 09:33, Mark Janssen wrote:
> On Fri, 2002-10-18 at 14:24, R. Bradley Tilley wrote:
> > I don't understand the need for this.
> >
> > Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
> > sufficient to keep a debian system secure and updated?
>
> It'll
Woody
host:/home/przemol>telnet 192.168.x.y ssh
Trying 192.168.x.y...
Connected to 192.168.x.y.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
How can I disable the message ?
przemol
On Thu, 2002-10-17 at 01:53, WebMaster wrote:
> hello,
>
> can i safely apply the grsecurity patch?
Yes, removing the EXTRAVERSION line in the patch(woody).
> if this patch makes servers more secure just by applying it (without acl),
> why isn't it applied by default?
It can be much aggressive to set
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
Edit sshd_config
find the line with something like
B
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
This banner is needed information for a ssh client connecting to your
server, therefo
From Jan Niehusmann on Friday, 18 October, 2002:
>On Fri, Oct 18, 2002 at 08:24:31AM -0400, R. Bradley Tilley wrote:
>> Can someone explain why 'apt-get update && apt-get dist-upgrade' is not
>> sufficient to keep a debian system secure and updated?
>Of course, if the hacker managed to modify fi
On Fri, 2002-10-18 at 14:58, [EMAIL PROTECTED] wrote:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
You can limit it somewhat (by editing source), but the protocol needs
the version string, so you can't change it without breaking
compatibility.
--
Mark Janssen --
On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
edit /etc/ssh/sshd_config and put a comme
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
you can't without
On Fri, Oct 18, 2002 at 03:23:18PM +0200, vdongen wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
> This bann
On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
If you attempt to "disable" thi
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
> On Fri, 18 Oct 2002 [EMAIL PROTECTED] wrote:
>
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3
On Fri, Oct 18, 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
> On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-Ope
On Fri, 18 Oct 2002 at 03:23:42PM +0200, Aleksander Iwanski wrote:
> Edit sshd_config
>
> find the line with something like
>
> Banner /etc/issue.net
That will not get rid of the version identification string.
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth
You can still have a look there:
http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.com&output=gplain
for an answer, but would be better to not touch it.
If you can restrict the access to port 22 for a few ip's, do it and block
the rest. Will save you some sleepless nights if you'r
Hi,
On Fri, 18 Oct 2002, vdongen wrote:
> > Woody
> >
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
> >
> > How can I disable the message ?
> This banner is needed info
This won't do the trick, AFAIK it will only display /etc/issue.net
content before the password prompt, but won't change/hide the version
of the sshd when telnet'ing localhost || ip on port 22.
-xavier
> Edit sshd_config
>
> find the line with something like
>
> Banner /etc/issue.net
>
> and se
On Fri, Oct 18, 2002 at 09:42:14AM -0400, Phillip Hofmeister wrote:
> On Fri, 18 Oct 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> > host:/home/przemol>telnet 192.168.x.y ssh
> > Trying 192.168.x.y...
> > Connected to 192.168.x.y.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debia
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> Edit sshd_config
>
> find the line with something like
>
> Banner /etc/issue.net
>
> and set
>
> # Banner /etc/issue.net
>
> killall -9 sshd
>
> done
>
>
> Regards
afaik /etc/issue.net is intended for telnet and not for ssh.
furthermore:
$ n
On Fri, Oct 18, 2002 at 08:20:14AM -0500, Joseph Pingenot wrote:
> If people are interested enough in it, I might throw together something
> more formal.
IMHO there is no lack of interesting ideas - what we really need are
implementations.
apt-check-sigs is a nice proof-of-concept, and the deb
* Aleksander Iwanski <[EMAIL PROTECTED]>:
> Edit sshd_config
> find the line with something like
> Banner /etc/issue.net
That's not the banner he's talking about.
> killall -9 sshd
There are better ways to stop the ssh daemon.
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?
You don't want to disable it.
Hello,
> > You can; however, recompile and get rid of the "Debian 1:3.4p1-1" part...
> Why isn't it done by default ?
FreeBSD started this to get rid of users, complaining about the old
OpenSSH in the base system and to indicate that their OpenSSH is not the
2.3.0, but a security patched one.
Fre
issue(5) might help some of you about pre-login banner and daemon(s)
banner version.
-xavier
On Fri, Oct 18, 2002 at 03:30:01PM +0200, Tobias Rosenstock wrote:
> edit /etc/ssh/sshd_config and put a comment mark (#) at the beginning of
> the line that says
> Banner /etc/issue.net
> or something li
On Fri, Oct 18, 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
> > You can; however, recompile and get rid of the "Debian 1:3.4p1-1" part...
>
> Why isn't it done by default ?
9-12 months down the road (or whenever the next exploit in OpenSSH is
found), Debian will likely backport the fix in
>IMHO there is no lack of interesting ideas - what we really need are
>implementations.
Ja. I just have to find the time. :)
>apt-check-sigs is a nice proof-of-concept, and the debsigs stuff could
>also improve security significantly. Together, I'd say they'd suffice to
>make the debian mirror
Why can't apt-get be modified to check the md5sum of a package against an
official debian md5sum list before downloading and installing debs? This
seems much simpler and easier than signing debs.
On Friday 18 October 2002 09:55 am, Jan Niehusmann wrote:
> On Fri, Oct 18, 2002 at 08:20:14AM -0500
On Fri, Oct 18, 2002 at 10:48:16AM -0400, R. Bradley Tilley wrote:
> Why can't apt-get be modified to check the md5sum of a package against an
> official debian md5sum list before downloading and installing debs? This
> seems much simpler and easier than signing debs.
It does. The problem is, ho
On Fri, 18 Oct 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote:
> Why isn't it done by default ?
You would have to ask the maintainer...
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
XP Source Code:
#include
#include
On Tue, Oct 15, 2002 at 02:37:19PM -0700, Anne Carasik wrote:
> Hi Mathias,
>
> Thanks that's helpful if I'm working on ONE machine. The problem
> is I can't get this working for our loghost which gets all the
> files.
>
> All I get is this:
>
> Other hosts syslogging to us:
> 290374 host1.examp
Four words: Single point of failure.
(Or is that six? Or ten? Yes, yes, that's right, twelve words. Let's try
that again, shall we? ... ;)
Besides, I strongly believe that it already does this... IIRC apt-get does
this to make sure that the packages weren't corrupted (or truncated) in tra
> issue(5) might help some of you about pre-login banner and daemon(s)
> banner version.
Banner gets displayed _after_ successful login, but ssh "handshake" needs
some information about server ssh version.
There was a big flame about the "3.4p1 Debian 1:3.4p1-1" part of
message. It can _not_ be "ma
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> Olaf Dietsche <[EMAIL PROTECTED]> wrote:
>> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>>> So, what would try to connect to my system's port 16001 and 111
>>> from within my own system? Should I be concerned? Should I expect
>>> the worst? Any insight on t
This is unrelated to any security patches / exploits, hence
off-topic. I'm posting here mostly because it seems like the right
crowd for this sort of problem. If this offends you, let me know and
I'll find a different venue in the future.
OK. We're a large network running lo
On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
> Now, we're looking to upgrade the Linux on these thin clients. I like
> Debian, so that's one obvious choice. However, a standard Debian
> install (e.g. what I run on my machine) gives us much more than we
> need.
Towar
OK, thanks. BTW, how does that differ from running tasksel and not
selecting any tasks? Or is that even possible?
-chris
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:
> On Fri, Oct 18, 2002 at 12:41:37PM -0700, Chris Majewski wrote:
> > Now, we're looking to upgrade the Linux on these t
On Fri, 18 Oct 2002 at 12:41:37PM -0700, Chris Majewski wrote:
> Now, we're looking to upgrade the Linux on these thin clients. I like
> Debian, so that's one obvious choice. However, a standard Debian
> install (e.g. what I run on my machine) gives us much more than we
> need. This isn
Hi.
I have been thinking about putting apache inside a place it cannot harm
anything else on the system.
We are serving web pages for several projects and we cannot control what
each of them does (PHPNuke, PostNuke and friends have their big share of
vulnerabilities).
I have been reading about tw
* Chris Majewski <[EMAIL PROTECTED]> [021018 22:43]:
> RedHat), with an NFS-mounted root fs. They run almost nothing
> locally: currently an X server, sshd, and possibly some music forwarding
> daemon in the future, so users can listen to tunes on their thin
> clients using soft
On Wed, Oct 16, 2002 at 05:07:06PM -0500, Nathan A. Ferch wrote:
> is there a means to receive email notifications of security-related
> packages in the same format as the -changes mailing lists or the emails
> that the PTS sends out? or is this not possible due to the way that the
> security archi
Jussi Ekholm <[EMAIL PROTECTED]> writes:
> Olaf Dietsche wrote:
>> Jussi Ekholm <[EMAIL PROTECTED]> writes:
>>> So, what would try to connect to my system's port 16001 and 111
>>> from within my own system? Should I be concerned? Should I expect
>>> the worst? Any insight on this issue would cal