This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSH Vulnerability

With the recent announcement of vulnerabilities/exploites for OpenSSH compiled against OpenSSL, will there be a firmware upgrade to patch this, as the version installed in the product appears to be vulnerable? (On the paid/licensed version of the product, of course)

Thanks

L.

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

Is this really a problem? - iTWire - OpenSSH developer plays down exploit rumours

If you are concerned about this, you can simply disable SSH access or limit it to internal and VPN access.

Or, is there something I'm not understanding?

Thanks - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 16 years ago in reply to BAlfson

I'm sure Astaro will integrate the latest patches into a firmware update, if they are applicable... however, I do recommend that you follow best practices and restrict access to the SSH service altogether; for customers that we manage, we setup a restricted access list (static IPs), a very short list, for SSH and Webadmin access...and for those we don't we always recommend they follow similar procedures.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 16 years ago in reply to BAlfson

I'm sure Astaro will integrate the latest patches into a firmware update, if they are applicable... however, I do recommend that you follow best practices and restrict access to the SSH service altogether; for customers that we manage, we setup a restricted access list (static IPs), a very short list, for SSH and Webadmin access...and for those we don't we always recommend they follow similar procedures.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data