Openssh 7.9p1 Exploit -

Liked this? Check out my next post: "Is OpenSSL 1.0.2 really that bad? (Yes. Yes it is.)"

The real exploit is staring at the auth log. 7.9p1 logs everything. Wait for an admin to mistype their password. Or for a cron job to leak an argument. The Verdict: Patch or Panic? Do not panic. But do patch. openssh 7.9p1 exploit

for user in root admin ubuntu; do ssh -o PreferredAuthentications=none $user@target "2>&1" | grep "Permission denied (publickey)"; done Liked this