tech-security: Re: openssh s/key issue (Was: Re: rfd2228 in ftpd)

Subject: Re: openssh s/key issue (Was: Re: rfd2228 in ftpd)
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-security
Date: 07/01/2002 22:52:58

>> 	i guess the problem is not how many users are using s/key, but how many
>> 	of installed systems that has it turned on (most of the openssh
>> 	installation shipped with it turned on).
>Yes, I realize virtually all OpenSSH users were vulnerable.
>However, how could not publishing valid workaround help with that?

	i recommend you to read section 6 (release process) of
	http://openssh.com/txt/preauth.adv

itojun