[lug] Debian/Ubuntu keys
Nate Duehr
nate at natetech.com
Thu May 15 13:25:54 MDT 2008
John Hernandez wrote:
> I suspect it updated the host keys, which is good, but individual user
> keys (if present in authorized_keys files) may still need to be
> regenerated.
>
> It's also worth noting that this can affect non-Debian systems that
> allow key-based SSH authentication, where the key material may have been
> generated on a vulnerable machine.
>
> If you administer a server with many ssh-enabled accounts, you should
> consider using the dowkd utility to check for weak keys in
> authorized_keys files.
>
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
>
> -John
Debian released a new version of sshd that depends on the new SSL
library previously released that also includes the ssh-vulnkey tool for
checking your keys, and also regenerates your ssh keys automatically
(you're prompted) if all of the dependencies are pulled in properly.
(note: "aptitude upgrade" will NOT pull in the dependencies under
certain configurations -- interactive aptitude will)
Nate
More information about the LUG
mailing list