[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upcoming OpenSSH vulnerability
On Tue, Jun 25, 2002 at 03:12:27AM -0600, Theo de Raadt wrote:
> > Does it means that this bug can be exploited when sshd is
> > running with "PermitRootLogin yes" ?
> Maybe yes, maybe no.
> Note I've not answered your question either way. So what are
> you going to do? Perhaps follow the instructions I sent?
A related but different question: best practices dictate using
sudo and not logging in as root. Regardless of the current bug,
are there non-policy reasons to avoid ``PermitRootLogin yes''?
[demime 0.98d removed an attachment of type application/pgp-signature]