ssh key vulnerability on Ubuntu/Debian systems

nextgen

Hi there,
Did you see the announcement that tools circulate that crack Debian, Ubuntu keys? This seems like a major security issue. I'm wondering if Gentoo is also affected. Can someone shed light on reasons why Gentoo users should or should not worry about this?
Thanks.

mosburn · n00b Joined: 27 Jul 2007 Posts: 22 Location: Denver

There is some discussion over at https://bugs.gentoo.org/show_bug.cgi?id=221759 about this issue. Basically gentoo itself is not vulnerable to this but any user that generated their authorized key between 2006 and today on a debian based box is vulnerable. In the comments on the bug there is a script to check if any of your authorized keys are vulnerable and remove them.

nextgen · Posted: Sat May 17, 2008 1:22 am Post subject:

Thanks for the link.

I also find this interesting analysis of the issue, which helped me understand a little better what happened.