
SSH miseries – it’s time to break out the firewall

By Dave Whitinger

Like it or not, if you are using ssh, you could very well be
vulnerable to an unknown remote root exploit. Even though the
vulnerability statements posted to the BUGTRAQ mailing list are
alleged to be false, it would be extremely unwise to continue to
allow ssh access to all hosts on the Internet.

Aleph One (moderator of BUGTRAQ) suggests:

“All persons that have examined the ssh code so far have
found it to be secure (so far). If you require a safety net to
sleep well at night while running sshd I recommend you recompile it
with the StackGuard compiler (if you are running on an x86 or want
to port it).

http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

Failing this, you may consider using some simple firewall rules
to disallow ssh access except to known (and trusted) hosts. If you
need a script to do this, just let us know and we’ll try
to help.
