Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  
AuthorAll Replies


evilghost
Premium
join:2003-11-22
Springville, AL
·Windstream

reply to BeesTea
Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Is there any reason to regenerate the host-wide keys in /etc/ssh or just those created with ssh-keygen for use in authorized_keys?

to forum · permalink · · 2008-05-13 14:00:12 · Reply to this


BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

 For sure host keys would be vulnerable too. The public/private key exchange to build an ssh session pre-auth is almost identical to the one used for auth.

It's going to be a while before all the impact of this is fully understood I think. Thanks for pointing that out. It might be worth brain dumping all the places where SSL might get used like that.
--
Overpower, overcome.
to forum · permalink · · 2008-05-13 14:10:04 · Reply to this


refused

join:2005-10-10
Redding, CA

reply to evilghost
quote:
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though.
if generated with 0.9.8c-1 or after, yah they should probably be regenerated with a fixed version. the security bulletin says the old stable version Sarge wasn't affected, so depends where your ssh keys came from and what version they came from. better safe than sorry though.
--
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
to forum · permalink · · 2008-05-13 14:15:08 · Reply to this


srgyhryt89yfn

@gov.br		reply to evilghost
Yes. You need to regenerate them, they're required for the security of the session setup.
to forum · permalink · 2008-05-13 14:45:06 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Tuesday, 10-Nov 19:23:23 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [113] Moto Sold About 100,000 Droids
· [93] Verizon Keeps Swinging At AT&T
· [86] VoIP Over 3G Still Not Working For iPhone
· [64] Government Will Release Some Telco Wiretap Lobbying Documents
· [54] Verizon's Hanging Up On Rural America
· [34] Bill Would Force ISPs To Block Financial Scams
· [30] Verizon's Higher ETFs Annoy Senator
· [25] Sprint Announces Job Cuts
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [21] Google Offers Free Holiday Airport Wi-Fi
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Holy work line speeds!! [TekSavvy]
· Google Has Acquired Gizmo5 [VOIP Tech Chat]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Framed for child porn 151; by a PC virus [Security]
· A fishy CRTC tarriff filed by bell? [TekSavvy]
· Are Gillette Fusion blades made of gold? [General Questions]
· Water heater pilot light won't light [Home Repair & Improvement]
· House inspector failed to find major gas leak [Home Repair & Improvement]