republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

evilghost
Premium
join:2003-11-22
Springville, AL
·Windstream

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Is there any reason to regenerate the host-wide keys in /etc/ssh or just those created with ssh-keygen for use in authorized_keys?

permalink · 2008-05-13 14:00:12 · Reply to this

BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

For sure host keys would be vulnerable too. The public/private key exchange to build an ssh session pre-auth is almost identical to the one used for auth.

It's going to be a while before all the impact of this is fully understood I think. Thanks for pointing that out. It might be worth brain dumping all the places where SSL might get used like that.
--
Overpower, overcome.
permalink · 2008-05-13 14:10:04 · Reply to this

refused

join:2005-10-10
Redding, CA
quote:
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though.
if generated with 0.9.8c-1 or after, yah they should probably be regenerated with a fixed version. the security bulletin says the old stable version Sarge wasn't affected, so depends where your ssh keys came from and what version they came from. better safe than sorry though.
--
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
permalink · 2008-05-13 14:15:08 · Print · Reply to this

srgyhryt89yfn

@gov.br		 Yes. You need to regenerate them, they're required for the security of the session setup.
permalink · 2008-05-13 14:45:06 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Monday, 14-Dec 19:19:22 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [104] Verizon Kindly Forgives Kid's $21,917 3G Bandwidth Bill
· [102] Google To Sell Phone Directly To Consumers
· [65] TiVO Tries To Figure Out Where It Fits
· [52] Faster Verizon DSL Service Will Burn Your House Down
· [42] NY Times: AT&T 3G Network Is Secretly Awesome
· [22] Rural Broadband User? You're Screwed
· [21] Sweden First To Get LTE Service
· [18] Can Satire Take Down AT&T's 3G Network?
· [1] Monday Morning Links
· [0] Monday Evening Links
Most people now reading
· Official Mediacom Email Discussion Thread [Mediacom]
· Ashen Verdict Rep farming guide (ICC 10) [World of Warcraft]
· how to get money back when ripped off [General Questions]
· personal check etiquette [General Questions]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Wind to get Cabinet intervention possibly today [TekSavvy]
· DKs and their obsession with Agility [World of Warcraft]
· So independants will be out of business in..........? [Canadian Broadband]
· Exalted with Ashen Verdict before the end of the week [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]