[Ach] More OpenSSH Hardening
Sven Kieske
svenkieske at gmail.com
Wed Jan 7 08:51:08 CET 2015
On 07.01.2015 02:48, Axel Hübl wrote:
> Hi,
>
> I just found
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
>
> with quite clear explanations.
>
> Especially I didn't realize there is a /etc/ssh/moduli file for the
> DH params in OpenSSH - we might want to add that, too.
This part is very insecure on systems with multiple accounts
as everyone can write to /tmp/, resulting in an overwritten file
by a third party:
> ssh-keygen -G /tmp/moduli -b 4096
> ssh-keygen -T /etc/ssh/moduli -f /tmp/moduli
And this person cares about security..
kind regards
Sven
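Added example, not part of the original message or of the linked article: one way to run the two quoted ssh-keygen steps without a fixed, guessable file in the shared /tmp. The function names, the `moduli.XXXXXXXXXX` template and the final `install` step are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: keep moduli candidates in a private directory instead of
# the fixed path /tmp/moduli that any local user can create first.

# Create a work directory with an unpredictable name. mktemp -d fails
# instead of reusing an existing entry and creates the directory mode 0700.
make_private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/moduli.XXXXXXXXXX" )
}

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# calling user, with mode exactly 700.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # GNU stat first, BSD stat as fallback.
    info=$(stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1") || return 1
    [ "$info" = "$(id -u) 700" ]
}

# Generate and screen candidates, then install the result at $1.
# Uses the -G/-T options quoted in the thread; OpenSSH 8.2 and later
# spell these "-M generate" and "-M screen".
build_moduli() {
    out=$1
    bits=${2:-4096}
    work=$(make_private_workdir) || return 1
    is_private_dir "$work" || { rm -rf "$work"; return 1; }
    ssh-keygen -G "$work/candidates" -b "$bits" &&
        ssh-keygen -T "$work/screened" -f "$work/candidates" &&
        install -m 0644 "$work/screened" "$out"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Run as root with `build_moduli /etc/ssh/moduli`; generating 4096-bit candidates takes a long time.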