Please wait while the page is being loaded Skip this advertisement >
Saturday | 30 August, 2008
ARN
How to avoid the Debian SSH key attacks
It only took two days, but viable, simple attacks against the weak Debian SSH key generation flaw have surfaced
Carl Jongsma (Computerworld) 16 May, 2008 08:35:57
Page:

ARN Directory | Distributors relevant to this article
Express Data , Unixpac
Additional Resources
ARN Library
white paper Click here for case studies, whitepapers and other useful vendor content

Newsletter Subscription

Sign up for our ARN newsletters!
The premier provider of daily news to the IT channel, covering business, technology, products, and services.
RSS Feeds

All SSH servers could be affected

There are several ways in which the weak entropy can show itself. One that is causing significant concern from a security point of view is that if a key is generated on a system while it was affected, it will remain weak even after the security fixes have been applied.

People also tend to spread keys around across systems they have access to. This means that if a user creates a key and then installs it on a remote machine, that user's account on that machine is now vulnerable in the same way.

Debian and Ubuntu have now released a blacklist of affected keys which are not allowed to login, and this blacklist is used on up to date Debian and Ubuntu machines. Other systems, such as SUSE, currently do not have a blacklist.

If administrators want to check for weak keys on their system, there is now a script that lets you quickly verify whether some of your keys are vulnerable on the Debian advisory.

Page:
ARN Directory | Distributors relevant to this article
Express Data , Unixpac
Market Place
Worry-Free™ Business Security Advanced - Safer, smarter and simpler security.
Whatever your application, Eaton is your one-stop partner for your power protection needs.
Find out how to win an IPod Touch with ARN.
Whatever your application, Eaton is your one-stop partner for your power protection needs.
Download this report and sell disaster recovery more effectively.

ARN Member Login

 
Panel Sessions

  • ARN Panel Sessions: Day 3

    The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?

Play
See all Panel Sessions videos >>
ARN news

  • IFA: LG's newest TV includes Bluetooth

    Bluetooth will be installed in models in LG's PG7000-series plasma sets and LG7000-series LCD sets, which are due on sale across Europe before the end of September.

Play
See all news >>
Channel Watch

  • Brian's bloopers

    It takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...

Play
See all Channel Watch videos >>
Business Continuity & Disaster Recovery Zone

When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Library
Microsoft® takes legal action against software pirates

Read Material

Microsoft® takes legal action against software pirates

Recently Microsoft took legal action against individuals and resellers for distributing and selling unauthorised Microsoft software.

Sponsored Links