Re: Debian libssl security (OpenSSH safe?)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Jussi Peltola <pelzi@...>

To: <misc@...>

Subject: Re: Debian libssl security (OpenSSH safe?)

Date: Wednesday, May 14, 2008 - 8:53 pm

On Wed, May 14, 2008 at 05:30:18PM -0700, Ben Calvert wrote:
quoted text> On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
> 
> >On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
> >>
> >>A decent analysis can be found here... just to understand what can  
> >>do a
> >>comment /* */  :)
> >>http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html
> >
> >Are you sure that's a decent analysis? If you have a non-debian system
> >with the full number of keys available, what are the chances that  
> >you've
> >landed on one of the 32767 keys? Not very likely. So that analysis  
> >seems
> >alarmist and sensational to me.

Your users may very well have keys generated on debian based systems.
I don't know about you, but I don't want just anyone getting a luser account
on my systems.

quoted text> and it only applies if you're using keys _without_passphrase_.  on  
> your root account.
Umm, no? What does the passphrase have to do with this...

quoted text> do people actually allow remote root access ?  for more than 5 minutes  
> after install?

Too many people still use SSH public keys for root in automated scripts.
Besides, cracking your normal user account can result in just as bad
consequences as cracking the root account, especially if you su or sudo
to root...

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Debian libssl security (OpenSSH safe?), Juan Miscaro, (Tue May 13, 11:37 am)

Re: Debian libssl security (OpenSSH safe?), Sean Malloy, (Tue May 13, 12:14 pm)

Re: Debian libssl security (OpenSSH safe?), Gabriel Linder, (Wed May 14, 3:41 am)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Wed May 14, 7:22 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 7:24 am)

Re: Debian libssl security (OpenSSH safe?), raven, (Wed May 14, 7:45 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 8:22 pm)

Re: Debian libssl security (OpenSSH safe?), Ben Calvert, (Wed May 14, 8:30 pm)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 10:22 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 10:43 pm)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Thu May 15, 1:11 am)

Re: Debian libssl security (OpenSSH safe?), Dave Ewart, (Thu May 15, 5:02 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Thu May 15, 5:44 am)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Thu May 15, 9:31 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Fri May 16, 2:51 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 11:10 pm)

Re: Debian libssl security (OpenSSH safe?), Jussi Peltola, (Wed May 14, 8:53 pm)

Re: Debian libssl security (OpenSSH safe?), Douglas A. Tutty, (Thu May 15, 9:52 am)

Re: Debian libssl security (OpenSSH safe?), Marc Espie, (Tue May 13, 1:00 pm)

More details show that someone seriously fucked up in debian..., chefren, (Tue May 13, 6:48 pm)

Re: More details show that someone seriously fucked up in de..., Damien Miller, (Thu May 15, 2:05 pm)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 2:47 am)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 7:53 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Andi Kleen	[PATCH] [16/22] x86: Move swsusp __pa() dependent code to arch portion
Nick Piggin	[patch 5/6] mm: merge nopfn into fault
Chuck Ebbert	Wanted: simple, safe x86 stack overflow detection
Balbir Singh	Re: 2.6.23-rc7-mm1 - 'touch' command causes Oops.
git:
Junio C Hamano	Re: [PATCH resend] make "git push" update origin and mirrors, "git push --mirror" ...
David Kastrup	Re: [OT] Re: C++ for Git
Bryan Donlan	[PATCH 0/8] Fix git's test suite to pass when the path contains spaces
Davide Libenzi	Re: First cut at git port to Cygwin
openbsd-misc:
Khalid Schofield	Configuring sendmail openbsd 4.2
Richard Stallman	Real men don't attack straw men
Jake Conk	Setting up ccd RAID 1 Howto OpenBSD 4.1
Thilo Pfennig	OpenBSD project goals
linux-activists:
Jim Winstead Jr.	Re: Root Disk/Book Disk Compatibility
Howard Wei-Hao Pan	[Q] Does Linux work with PCMCIA devices?
Curtis Yarvin	Re: Problem with UNCOMPRESS
Linus Benedict Torvalds	Re: trouble booting 0.11 (continued)

Latest forum posts


How to exec user process in kernel mode.	1 day ago	Linux kernel
[IPSEC]IPSEC_MANUAL_REQID_MAX	1 day ago	Linux kernel
help in UDP catching module..	2 days ago	Linux kernel
Is there anything like Real-time drivers?	4 days ago	Linux general
ns16550 serail console in Linux 2.6.19	4 days ago	Linux general
what class should i use to register my devices	4 days ago	Linux kernel
reset bios pasword toshiba	5 days ago	Hardware
Analysis of Process Scheduling	5 days ago	Linux kernel
RT Kernel and SSH Server Panics	5 days ago	Linux kernel
Resetting the bios password for Toshiba Laptop	6 days ago	Hardware

Show all forums...

Recent Tags

Linus Torvalds Andrew Morton Daniel Phillips filesystem quote H. Peter Anvin -rc5 2.6.27-rc5 -rc Tux3 2.6.27 Linux -rc4

more tags

Colocation donated by:

Online users

Syndicate