Thursday | 16 October, 2008
ARN
How to avoid the Debian SSH key attacks
It only took two days, but viable, simple attacks against the weak Debian SSH key generation flaw have surfaced
Carl Jongsma (Computerworld) 16 May, 2008 08:35:57
Page:

ARN Directory | Distributors relevant to this article
Express Data , Unixpac
Additional Resources
ARN Library
white paper Click here for case studies, whitepapers and other useful vendor content

Newsletter Subscription

Sign up for our ARN newsletters!
The premier provider of daily news to the IT channel, covering business, technology, products, and services.
Delivered Monday, ARN Security is the only channel-specific weekly security service dedicated to the Australian IT channel.
RSS Feeds

All SSH servers could be affected

There are several ways in which the weak entropy can show itself. One that is causing significant concern from a security point of view is that if a key is generated on a system while it was affected, it will remain weak even after the security fixes have been applied.

People also tend to spread keys around across systems they have access to. This means that if a user creates a key and then installs it on a remote machine, that user's account on that machine is now vulnerable in the same way.

Debian and Ubuntu have now released a blacklist of affected keys which are not allowed to login, and this blacklist is used on up to date Debian and Ubuntu machines. Other systems, such as SUSE, currently do not have a blacklist.

If administrators want to check for weak keys on their system, there is now a script that lets you quickly verify whether some of your keys are vulnerable on the Debian advisory.

Page:
Market Place
POS POS is the leading value-added distributor of point of sale & point of service technologies in ANZ.
Worry-Free™ Business Security Advanced - Safer, smarter and simpler security.
Find out how to win an IPod Touch with ARN.
Kaspersky Internet Security 2009 released - with virtual keyboard for safe entry of passwords. Try it..

ARN Member Login

 
Panel Sessions

  • ARN Panel Sessions: Day 3

    The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?

Play
See all Panel Sessions videos >>
ARN news
Play
See all news >>
Channel Watch

  • Brian's bloopers

    It takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...

Play
See all Channel Watch videos >>
Business Continuity & Disaster Recovery Zone

When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Library
V/Line and Oakton use Microsoft SQL Server 2008 to develop an Executive HR Dashboard

Read Material

V/Line and Oakton use Microsoft SQL Server 2008 to develop an Executive HR Dashboard

With the help of Oakton, V/Line - Victoria's regional public transport provider - utilised Microsoft SQL Server 2008 to develop an Executive HR Dashboard report.

Sponsored Links