I thought you might like to see this. >>> Casper Dik <Casper.Dik@Sun.COM> 19/03/03 10:33:28 >>> >Thanks also to George who suggests that Sun_SSH is less secure than >OpenSSH and that I should consider using OpenSSH on Solaris 9 instead. I >would welcome anybody else's thoughts on this. I woudl certainly question that statemetn; while OpenSSH now has something called "privilege seperation" which could theoretically prevent exploits to have certain privileges immediately, the implementation of privilege separation is not flexible enough to support PAM and Solaris Auditing properly. I strongly suggest to stick with Solaris SSH; it's supported and we are committed to fixing security holes in it. It's also the only viable solution if you need to use Solaris Auditing. The PATH setting is the same as for telnetd/etc. The global setting should not be set per daemon but rather system wide (/etc/profile, /etc/.login or /etc/default/login) and not in a per-daemon configuration file. Casper _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Mar 19 05:54:04 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:07 EST