Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

evilghost
Premium
join:2003-11-22
Springville, AL
·Windstream

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Is there any reason to regenerate the host-wide keys in /etc/ssh or just those created with ssh-keygen for use in authorized_keys?

permalink · 2008-05-13 14:00:12 · Reply to this

BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

For sure host keys would be vulnerable too. The public/private key exchange to build an ssh session pre-auth is almost identical to the one used for auth.

It's going to be a while before all the impact of this is fully understood I think. Thanks for pointing that out. It might be worth brain dumping all the places where SSL might get used like that.
--
Overpower, overcome.
permalink · 2008-05-13 14:10:04 · Reply to this

refused

join:2005-10-10
Redding, CA
quote:
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though.
if generated with 0.9.8c-1 or after, yah they should probably be regenerated with a fixed version. the security bulletin says the old stable version Sarge wasn't affected, so depends where your ssh keys came from and what version they came from. better safe than sorry though.
--
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
permalink · 2008-05-13 14:15:08 · Print · Reply to this

srgyhryt89yfn

@gov.br		 Yes. You need to regenerate them, they're required for the security of the session setup.
permalink · 2008-05-13 14:45:06 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Saturday, 28-Nov 10:56:53 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [72] TiVo Sees Record Customer Losses
· [69] In-Flight Internet Headed For Bumpy Landing?
· [69] Verizon CEO: Hulu Will Be Dead Soon
· [62] Thanksgiving Open Thread
· [54] Weekend Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Using AirMax to provide triple play services? [Wireless Service Providers]
· Backstab vs screws (not which to use) [Home Repair & Improvement]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· Why does it take so long? Mail question [General Questions]
· Motion Sickness Solutions? [General Questions]
· Hosts file attributes set to system and hidden [Security]
· [Newsgroups] Newzleech down? [Filesharing Software]
· 'The antivirus industry sucks' [Security]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]