By Dave Whitinger
Like it or not, if you are using ssh, you could very well be
vulnerable to an unknown remote root-exploit. Despite alleged false
statements about vulnerabilities (posted to the BUGTRAQ mailing
list), it will be extremely un-wise to continue to allow ssh access
to all hosts on the Internet.
Aleph One (moderator of BUGTRAQ) suggests:
“All persons that have examined the ssh code so far have
found it to be secure (so far). If you require a safety net to
sleep well at night while running sshd I recommend you recompile it
with the StackGuard compiler (if you are running on a x86 or want
to port it).
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
“
Failing this, you may consider using some simple firewall rules
to disallow ssh access except to known (and trusted) hosts. If you
need a script to do this, just let us know and we’ll try
to help.