[Tfug] Debian SSH vulnerability

Andrew Ayre andy at britishideas.com
Tue May 13 17:36:38 MST 2008


Patching the faulty code doesn't regenerate the SSH keys for you... The 
problem is in the application but requires regeneration of all data from 
that application...

BTW it is possible to get truly random values, but requires some 
specialised hardware (like an ADC and untuned antenna for example).

Andy

William Stott wrote:
> No central patch management system for Debian?
> 
> ----- Original Message -----
> From: Matt Jacob <m at mattjacob.com>
> To: William Stott
> Cc: tfug at tfug.org <tfug at tfug.org>
> Sent: Tue May 13 17:11:22 2008
> Subject: Re: [Tfug] Debian SSH vulnerability
> 
> William Stott wrote:
>  > Nothing in computer land is truly random anyways...
> 
> Yeah, but for those of us who manage Debian boxes, this is a royal PITA
> and something I will literally spend several days fixing.
> 
> Matt
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org

-- 
Andy
PGP Key ID: 0xDC1B5864




More information about the tfug mailing list