[ale] ssh remote root exploit :-(

Jim Popovitch jimpop at rocketship.com
Tue Jun 25 21:12:46 EDT 2002


One thing everyone can do is to move the ssh port to some arbitrary port
number.  Anyone who wants to sweep for ssh vulnerabilities will have their
hands full for a while looking for machines on port 22.

Here's how you do it...

Edit /etc/ssh/sshd_config and change the port line from 22 to a number not
referenced in /etc/services.  I would suggest something greater than 30,000
and less than 65,535.

Next restart sshd by running /etc/init.d/ssh restart or /etc/rc.d/init.d/ssh
restart (depending on your distro it may be init.d/sshd or init.d/ssh).

Then test it out by ssh'ing to the new port:

   ssh -p 30303 localhost



-Jim P.

> -----Original Message-----
> From: Jonathan Rickman
>
> Everyone should be aware that this new version does not fix the
> vulnerability. It only reduces the risk since the attacker can only
> gain access to the sshd account due to the new privilege separation
> feature. This could still ruin your day if your system is miles away and
> ssh is your only means of accessing it.
>
> Just a reminder not to get too comfortable yet :)





---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
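
The port change described in the message above, as an added shell example that is not part of the original post: it picks a port above 30,000 and below 65,535 that is not listed in a services file, then rewrites the Port line in a copy of the sshd configuration. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Works on file paths given as
# arguments, so it can be tried on copies before touching /etc/ssh/sshd_config.

# port_in_services PORT FILE: succeeds if PORT (tcp or udp) is listed in FILE.
port_in_services() {
    awk -v p="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { split($2, a, "/"); if (a[1] == p) found = 1 }
        END { exit !found }' "$2"
}

# pick_port START FILE: first port >= START, inside 30001..65534, not in FILE.
pick_port() {
    p=$1
    [ "$p" -gt 30000 ] || p=30001
    while [ "$p" -lt 65535 ]; do
        if ! port_in_services "$p" "$2"; then echo "$p"; return 0; fi
        p=$((p + 1))
    done
    return 1
}

# set_port PORT CONFIG: print CONFIG with exactly one active Port line.
# Commented defaults ("#Port 22") and extra Port lines are replaced too.
set_port() {
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$2"; then
        awk -v p="$1" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ { if (!done++) print "Port " p; next }
            { print }' "$2"
    else
        printf 'Port %s\n' "$1"; cat "$2"         # no Port line: add one on top
    fi
}

# Constructed sample inputs (stand-ins for /etc/services and sshd_config).
demo_dir=$(mktemp -d)
printf 'ssh\t22/tcp\nexample\t30303/tcp\t# constructed entry\n' > "$demo_dir/services"
printf '#Port 22\nProtocol 2\nPermitRootLogin no\n' > "$demo_dir/sshd_config"

new_port=$(pick_port 30303 "$demo_dir/services")
set_port "$new_port" "$demo_dir/sshd_config" > "$demo_dir/sshd_config.new"
echo "chosen port: $new_port"
# Before restarting, check the result with: sshd -t -f <new config file>
```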