Re: Debian libssl security (OpenSSH safe?)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Otto Moerbeek <otto@...>

To: Darrin Chandler <dwchandler@...>

Cc: Ted Unangst <ted.unangst@...>, Ben Calvert <ben@...>, raven <raven@...>, <misc@...>

Subject: Re: Debian libssl security (OpenSSH safe?)

Date: Thursday, May 15, 2008 - 1:11 am

On Wed, May 14, 2008 at 07:43:25PM -0700, Darrin Chandler wrote:

quoted text> On Wed, May 14, 2008 at 10:22:11PM -0400, Ted Unangst wrote:
> > On 5/14/08, Ben Calvert <ben@flyingwalrus.net> wrote:
> > > On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
> > > > Are you sure that's a decent analysis? If you have a non-debian system
> > > > with the full number of keys available, what are the chances that you've
> > > > landed on one of the 32767 keys? Not very likely. So that analysis seems
> > > > alarmist and sensational to me.
> > 
> > Because nobody would ever run ssh-keygen on their ubuntu desktop and
> > copy that to authorized_keys on another computer.
> 
> Sure. Lots of those keys out there already. So is something like
> ssh-vulnkey the right approach? I do have a couple of users on one of my
> boxes. Mind, they're all good OpenBSD people and I really hope their
> keys didn't come from a debian box. It'll be nice to find out that the
> keys are ok.

You can use the perl script in the debian announcement to check host
keys and user keys. 

	-Otto

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Debian libssl security (OpenSSH safe?), Juan Miscaro, (Tue May 13, 11:37 am)

Re: Debian libssl security (OpenSSH safe?), Sean Malloy, (Tue May 13, 12:14 pm)

Re: Debian libssl security (OpenSSH safe?), Gabriel Linder, (Wed May 14, 3:41 am)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Wed May 14, 7:22 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 7:24 am)

Re: Debian libssl security (OpenSSH safe?), raven, (Wed May 14, 7:45 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 8:22 pm)

Re: Debian libssl security (OpenSSH safe?), Ben Calvert, (Wed May 14, 8:30 pm)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 10:22 pm)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 10:43 pm)

Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Thu May 15, 1:11 am)

Re: Debian libssl security (OpenSSH safe?), Dave Ewart, (Thu May 15, 5:02 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Thu May 15, 5:44 am)

Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Thu May 15, 9:31 am)

Re: Debian libssl security (OpenSSH safe?), Tim Post, (Fri May 16, 2:51 am)

Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 11:10 pm)

Re: Debian libssl security (OpenSSH safe?), Jussi Peltola, (Wed May 14, 8:53 pm)

Re: Debian libssl security (OpenSSH safe?), Douglas A. Tutty, (Thu May 15, 9:52 am)

Re: Debian libssl security (OpenSSH safe?), Marc Espie, (Tue May 13, 1:00 pm)

More details show that someone seriously fucked up in debian..., chefren, (Tue May 13, 6:48 pm)

Re: More details show that someone seriously fucked up in de..., Damien Miller, (Thu May 15, 2:05 pm)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 2:47 am)

Re: More details show that someone seriously fucked up in de..., Otto Moerbeek, (Wed May 14, 7:53 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Ingo Molnar	Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
Jeff Garzik	Re: 2.6.20-rc6-mm3
Rafael J. Wysocki	[Bug 10629] 2.6.26-rc1-$sha1: RIP __d_lookup+0x8c/0x160
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
git:
Martin Waitz	comparing file contents in is_exact_match?
Jakub Narebski	Re: VCS comparison table
Linus Torvalds	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Jakub Narebski	Re: [PATCH] Port to 12 other Platforms.
openbsd-misc:
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Renaud Allard	very weak bridge performance
Alex Thurlow	Router performance on OpenBSD and OpenBGPD
linux-netdev:
Eric Dumazet	[PATCH] IPV4 : Move ip route cache flush (secret_rebuild) from softirq to workqueue
Jarek Poplawski	[PATCH take2][NET] ifb: set separate lockdep classes for queue locks
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Octavian Purdila	race in skb_splice_bits?

Latest forum posts


high memory	1 day ago	Linux kernel
semaphore access speed	1 day ago	Applications and Utilities
the kernel how to power off the machine	1 day ago	Linux kernel
Easter Eggs in windows XP	1 day ago	Windows
Shared swap partition	1 day ago	Linux general
Root password	1 day ago	Linux general
Where/when DNOTIFY is used?	1 day ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	1 day ago	Linux kernel
Linux 2.6.24 and I/O schedulers	1 day ago	Linux kernel
USB Driver -- Interrupt Polling -- A Little Help Please	1 day ago	Linux general

Show all forums...

Recent Tags

Linus Torvalds Intel 2.6.27-rc8 quote Linux bugs -rc8 2.6.27 -rc

more tags

Colocation donated by:

Online users

Syndicate