> is there a security issue on CentOS 5.3 with openssh 4.3? I > ask that cause of > http://www.h-online.com/security/Rumours-of-critical-vulnerabi > lity-in-OpenSSH-in-Red-Hat-Enterprise-Linux--/news/113712 > and http://secer.org/hacktools/0day-openssh-remote-exploit.html. > > Should ssh login from internet on CentOS better be disabled? You should always limit access to sensitive services on a machine. Remote login should be included in that list. Either limit it by firewall or in the openssh daemon to certain ips. Even if you can only limit it to a class c or class a, you've still chopped out a number of possibly malicious hosts. Patrick