Subtitle: Qualys finds two worrying bugs in OpenSSH
When I checked my personal rigs Debian had already released the patches and my home server had already auto updated itself.
Subtitle: Qualys finds two worrying bugs in OpenSSH
When I checked my personal rigs Debian had already released the patches and my home server had already auto updated itself.
Soo, the point is to not enable features that undermine security, like using an FQDN as a key (or source of a key) and to enable features that reduce DoS, like a connection timeout. Does not sound like bugs, just like missing default options.
It’s still important to not use the affecting options.