[UCI-Linux] Debian/Ubuntu ssh key issue
Mike Iglesias
iglesias at uci.edu
Wed May 14 10:18:02 PDT 2008
A problem has been found with the OpenSSL package on Debian and Ubuntu systems
that can cause predictable ssh keys to be generated. This can result in
unauthorized access to a system running Debian or Ubuntu Linux.
If you are running Debian or Ubuntu Linux, you should apply the patches for
your release and regenerate host keys and user keys to be sure that the keys
are good. A key checking tool is included in the Ubuntu update and is
available from Debian to test keys if necessary, but you will be better off in
the long run if you regenerate them. If any user keys have been moved to
another system, those keys need to be replaced as well.
For more information see
http://www.ubuntu.com/usn/usn-612-2
http://article.gmane.org/gmane.linux.debian.security.announce/1614
--
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2270
More information about the UCI-Linux
mailing list