cvs commit: src/sbin/nologin Makefile nologin.c
Tony Finch
dot at dotat.at
Mon Feb 23 07:39:23 PST 2004
On Sun, Feb 22, 2004 at 06:56:47PM -0800, David Schultz wrote:
>
> Note that this attack also works with OpenSSH provided that the
> locked out user has a ~/.ssh/environment file.[1]
>
> [1] I think Theo might have changed his mind about this
> questionable feature and disabled it by default in
> recent versions of OpenSSH. See the PermitUserEnvironment
> option in sshd_config(5).
Yes, I submitted that feature in July 2002 and it was in that
October's 3.5 release. We have about 32,000 users that aren't
supposed to be able to get out of their walled garden, so the default
hard-crunchy-outsite/soft-chewy-inside that ssh gives us isn't good
enough.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FORTH TYNE DOGGER FISHER GERMAN BIGHT: MAINLY NORTH BACKING WEST OR NORTHWEST
5 TO 7, PERHAPS GALE 8 LATER. SQUALLY WINTRY SHOWERS THEN RAIN. GOOD BECOMING
MODERATE.
More information about the cvs-all
mailing list