republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  
AuthorAll Replies


srgyhryt89yfn

@gov.br		reply to evilghost
Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Yes. You need to regenerate them, they're required for the security of the session setup.
to forum · permalink · 2008-05-13 14:45:06 · Reply to this


refused

join:2005-10-10
Redding, CA

reply to evilghost
quote:
Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected,
though.
if generated with 0.9.8c-1 or after, yah they should probably be regenerated with a fixed version. the security bulletin says the old stable version Sarge wasn't affected, so depends where your ssh keys came from and what version they came from. better safe than sorry though.
--
"Ubuntu" - an African word, meaning "Slackware is too hard for me".
to forum · permalink · · 2008-05-13 14:15:08 · Reply to this


BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

reply to evilghost
For sure host keys would be vulnerable too. The public/private key exchange to build an ssh session pre-auth is almost identical to the one used for auth.

It's going to be a while before all the impact of this is fully understood I think. Thanks for pointing that out. It might be worth brain dumping all the places where SSL might get used like that.
--
Overpower, overcome.
to forum · permalink · · 2008-05-13 14:10:04 · Reply to this


evilghost
Premium
join:2003-11-22
Springville, AL
·Windstream

reply to BeesTea
Is there any reason to regenerate the host-wide keys in /etc/ssh or just those created with ssh-keygen for use in authorized_keys?

to forum · permalink · · 2008-05-13 14:00:12 · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Sunday, 29-Nov 15:32:53 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [124] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [78] Verizon CEO: Hulu Will Be Dead Soon
· [77] Weekend Open Thread
· [69] In-Flight Internet Headed For Bumpy Landing?
· [63] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Is Easynews down? [Filesharing Software]
· Are GPS's better today? [General Questions]
· Windows 7 boot manager editing questions [Microsoft Help]
· Surfers beware !!! [TekSavvy]
· Grey Cup on the Web? [Canadian Chat]
· [NFL] Week 12 Games Thread [Sports Chat]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Idiotic neighbour [Canadian Chat]
· [Newsgroups] Newzleech down? [Filesharing Software]