Does a known security issue allow ssh login via system accounts?

Damien Miller djm at mindrot.org
Tue Mar 1 09:49:40 AEDT 2022


On Tue, 1 Mar 2022, Damien Miller wrote:

> We're not aware of any security problems in OpenSSH 8.6 that could yield
> access to a locked account like this.

I'd just add that if an attacker did have a sshd 0-day, then burning it
only to send spam seems amazingly profligate...

-d


More information about the openssh-unix-dev mailing list