Skip to content

The OpenSSL Vulnerability

I recently established my network to use SSH connections. My three Ubuntu systems I discovered were using weak keys that had been generated using the flawed packages. If you haven’t been paying attention, Canonical issued USN-612-1 on 5/13/2008. If you’re using keys that have been generated since September 2006, it’s likely that you need to regenerate all keys. If you have any doubts, I encourage you to regenerate all keys. It will affect any key used that was generated on a compromised system. The biggest trouble for me was getting OpenSSL and OpenSSH-server packages to update. I used the ssh-copy-id command to make it the process easy for me.

Google Buzz
This was written by admin. Posted on Tuesday, May 20, 2008, at 8:00 am. Filed under Canonical, Debian, OpenSSH, SSH, Security. Bookmark the permalink. Follow comments here with the RSS feed. Post a comment or leave a trackback.

One Trackback/Pingback

  1. Ubuntu For Free :: Upgrade from Gutsy to Hardy on Wednesday, May 21, 2008 at 1:50 pm

    [...] have admittedly put it off for way too long. The recent OpenSSL Vulnerability with weak keys prompted me to change that on one of my systems. I was forced to use dist-upgrade [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*