OpenSSH's UseLogin option allows remote access with root privilege.

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sat Jun 10 01:56:18 EST 2000

Previous message: patch for utmpx corruption for openssh-2.1.0p3.tar.gz
Next message: openssh-2.1.1p1 RH62 compile failure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Is OpenBSD with "UseLogin yes" vulnerable or not (even though it's not
> default)?

all systems running OpenSSH with UseLogin=yes are vulnerable.

however, it was not possible for me to make this

	$ ssh openbsdhost id

work on OpenBSD+OpenSSH+UseLogin.

Previous message: patch for utmpx corruption for openssh-2.1.0p3.tar.gz
Next message: openssh-2.1.1p1 RH62 compile failure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssh-unix-dev mailing list