[UCI-Linux] More on Debian/Ubuntu ssh issue
iglesias at uci.edu
Thu May 15 16:39:31 PDT 2008
As I noted the other day, there is an issue with the way ssh keys are
generated on Debian, Ubuntu, and any Linux system based on Debian over the
last couple of years that makes them easy to guess.
If you are using the "publickey" method of logging in via ssh, and your key
was generated on a Debian-base system (or the host key was), you are
vulnerable to having your account broken in to. This is especially bad if you
are using this to access root.
There are tables and programs out now to brute-force ssh keys, so if you have
not regenerated your ssh keys and your system has ssh open in Server
Registration, your system is vulnerable to being compromised.
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2270
More information about the UCI-Linux