View previous topic :: View next topic |
Author |
Message |
nextgen Tux's lil' helper
Joined: 17 Jun 2004 Posts: 107 Location: Montreal, Quebec, Canada
|
Posted: Fri May 16, 2008 3:06 pm Post subject: ssh key vulnerability on Ubuntu/Debian systems |
|
|
Hi there,
Did you see the announcement that tools circulate that crack Debian, Ubuntu keys? This seems like a major security issue. I'm wondering if Gentoo is also affected. Can someone shed light on reasons why Gentoo users should or should not worry about this?
Thanks. |
|
Back to top |
|
|
mosburn n00b
Joined: 27 Jul 2007 Posts: 22 Location: Denver
|
Posted: Fri May 16, 2008 3:37 pm Post subject: |
|
|
There is some discussion over at https://bugs.gentoo.org/show_bug.cgi?id=221759 about this issue. Basically gentoo itself is not vulnerable to this but any user that generated their authorized key between 2006 and today on a debian based box is vulnerable. In the comments on the bug there is a script to check if any of your authorized keys are vulnerable and remove them. |
|
Back to top |
|
|
nextgen Tux's lil' helper
Joined: 17 Jun 2004 Posts: 107 Location: Montreal, Quebec, Canada
|
Posted: Sat May 17, 2008 1:22 am Post subject: |
|
|
Thanks for the link.
I also find this interesting analysis of the issue, which helped me understand a little better what happened. |
|
Back to top |
|
|
|