Debian fumble jeopardizes all sshd-equipped servers

As has been widely reported, the maintainers of Debian's OpenSSL packages made some errors recently that have potentially compromised the security of any sshd-equipped system used remotely by Debian users. System administrators may wish to purge authorized_key files of public keys generated since 2006 by affected client machines. Simply using a Debian-based machine to access a remote server via SSH would not be enough to put the machine at risk. However, if the user copied a public key generated on a Debian-based system to the remote server, for example to take advantage of the higher security offered by password-free logins, then the weak key could make the server susceptible to brute-force attacks, especially if the user's name is easily guessable.

Written by admin on May 17th, 2008 with no comments.
Read more articles on Uncategorized.

• [+] Digg: Feature this article
• [+] Del.icio.us: Bookmark this article
• [+] Furl: Bookmark this article

Related articles

• Be a Productive Linux User (August 28th, 2008)
• Linux and sex battle it out in Utah (August 28th, 2008)
• Easy file uploads with Droopy (August 28th, 2008)
• 10 fundamental differences between Linux and Windows (August 28th, 2008)
• Schmatte Couture (August 28th, 2008)