[lug] Debian/Ubuntu keys

John Hernandez jph at jph.net
Tue May 13 17:43:56 MDT 2008


I suspect it updated the host keys, which is good, but individual user 
keys (if present in authorized_keys files) may still need to be regenerated.

It's also worth noting that this can affect non-Debian systems that 
allow key-based SSH authentication, where the key material may have been 
generated on a vulnerable machine.

If you administer a server with many ssh-enabled accounts, you should 
consider using the dowkd utility to check for weak keys in 
authorized_keys files.

http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

-John

Nathan Berry wrote:
> I have an Ubuntu system that I just updated.  When the update ran it 
> automagically regenerated some new keys.
> 
> 
> Nathan
> 
> 
> 
> On Tue, May 13, 2008 at 1:27 PM, John Hernandez <jph at jph.net> wrote:
> 
> 
>     For those of you using Debian and Ubuntu systems, you should be
>     aware of a recently announced vulnerability concerning openssl and
>     weak keys generated on these systems.
> 
>     In particular, this could affect folks that use SSH key-based
>     authentication.
> 
>     Here's the Debian Advisory
> 
>     http://www.debian.org/security/2008/dsa-1571
> 
>     -John
>     _______________________________________________
>     Web Page:  http://lug.boulder.co.us
>     Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>     Join us on IRC: lug.boulder.co.us <http://lug.boulder.co.us>
>     port=6667 channel=#colug
> 
> 
> 
> 
> -- 
> "Believe nothing, no matter where you read it - even if I have said it - 
> unless it agrees with your own reason and your own common sense."
> 
> -- Buddha
> 
> 

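Added example, not part of the original thread and not dowkd's own code: a sketch of the kind of authorized_keys audit recommended above, assuming weak keys are recognised by comparing each key's MD5 fingerprint against a list of known weak fingerprints. The key blobs, the sample file, the blocklist entry and the helper names are all constructed for illustration.

```python
import base64, binascii, hashlib, re, struct

KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})")

def ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob: bytes) -> str:
    """MD5 of the decoded key blob as colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_line(line: str):
    """Return (key_type, blob, comment) for an authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    for m in KEY_RE.finditer(line):  # options may precede the key type
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except (binascii.Error, ValueError):
            continue
        # A real blob begins with its own key type; skip look-alikes in options.
        if blob.startswith(ssh_string(m.group(1).encode())):
            return m.group(1), blob, line[m.end():].strip()
    return None

def audit(text: str, blocklist: set):
    """Return (line_number, fingerprint, comment) for every blocklisted key."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and fingerprint(parsed[1]) in blocklist:
            hits.append((number, fingerprint(parsed[1]), parsed[2]))
    return hits

def fake_rsa(modulus: bytes) -> bytes:
    """Constructed stand-in for an RSA public-key blob (not a usable key)."""
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)

WEAK, GOOD = fake_rsa(b"\x00" + b"\xaa" * 16), fake_rsa(b"\x00" + b"\xbb" * 16)
SAMPLE = "\n".join([  # constructed authorized_keys content
    "# alice's laptop",
    "ssh-rsa " + base64.b64encode(GOOD).decode() + " alice@laptop",
    'command="/usr/bin/rsync --server" ssh-rsa '
    + base64.b64encode(WEAK).decode() + " backup@oldbox",
])
BLOCKLIST = {fingerprint(WEAK)}  # placeholder for a published weak-key list
```

Calling `audit(SAMPLE, BLOCKLIST)` reports only the key on line 3, including the one hidden behind a `command=` option; any key that is flagged has to be removed from the file and regenerated on a patched machine.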