Re: [Hampshire] OpenSSL in Debian is broken

Author: Nick Chalk
Date:  
To: hampshire
Subject: Re: [Hampshire] OpenSSL in Debian is broken
Hugo Mills <hugo@???> wrote:
> I think that unless you hear otherwise, it's
> best to assume that they're affected. You could
> always get hold of the vulnerability tester
> given in the advisory and check your keys.


I'm not sure of the accuracy of the vulnerability
tester, but just in case...

Testing one of my ssh_known_hosts files reported
one weak key that _wasn't_ generated by a Debian
version of OpenSSH. The machine in question was
built entirely from source.

However, it was an old build of OpenSSH, probably
version 3. That system no longer exists, so I may
not be able to dig out the details. It may be
worth checking keys generated by older versions of
OpenSSH, though.

Nick.

[ Oh what a /fun/ evening. I've realised just how
many Linux systems I maintain, and how many
OpenVPN tunnels. Trying to work out the correct
sequence of ssh key generation to avoid locking
yourself out of once-removed remote systems is not
best done when tired... ]

--
Nick Chalk ................. once a Radio Designer
Confidence is failing to understand the problem.