[UCI-Linux] Debian/Ubuntu ssh key issue

Mike Iglesias iglesias at uci.edu
Wed May 14 10:18:02 PDT 2008


A problem has been found with the OpenSSL package on Debian and Ubuntu systems 
that can cause predictable ssh keys to be generated.  This can result in 
unauthorized access to a system running Debian or Ubuntu Linux.

If you are running Debian or Ubuntu Linux, you should apply the patches for 
your release and regenerate host keys and user keys to be sure that the keys 
are good.  A key checking tool is included in the Ubuntu update and is 
available from Debian to test keys if necessary, but you will be better off in 
the long run if you regenerate them.  If any user keys have been moved to 
another system, those keys need to be replaced as well.

For more information see

http://www.ubuntu.com/usn/usn-612-2
http://article.gmane.org/gmane.linux.debian.security.announce/1614


-- 
Mike Iglesias                          Email:       iglesias at uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2270



More information about the UCI-Linux mailing list