[Tfug] Debian SSH vulnerability
William Stott
WStott at ventanamed.com
Tue May 13 19:06:10 MST 2008
I apologize. I should have read the article before asking.
----- Original Message -----
From: tfug-bounces at tfug.org <tfug-bounces at tfug.org>
To: tfug at tfug.org <tfug at tfug.org>
Sent: Tue May 13 18:06:11 2008
Subject: Re: [Tfug] Debian SSH vulnerability
Right. What Andy and Claude said is absolutely correct.
This is the equivalent (for me) of managing a 100-unit apartment complex
and having to replace the lock in each unit as well as having to issue
new keys to all the tenants. Only, instead of 1-2 tenants per unit,
there might be 1-20 tenants per unit.
The only thing keeping me sane besides the pot of coffee I just downed
is the fact that there's some overlap among the new keys. That is, each
of us developers needs a new private key, and the new public key needs
to be added to authorized_keys on every box (for the most part).
Thankfully, the mapping is one key per developer and not one key per
login, if you follow.
M
Claude Rubinson wrote:
> On Tue, May 13, 2008 at 05:22:35PM -0700, William Stott wrote:
>> No central patch management system for Debian?
>
> The problem is that user-generated keys may be weak. No way to
> provide a central fix for that.
>
> This is one of the most serious security problems that Debian's had in
> its history and affects SSL, SSH, VPN, DNSSEC, etc. Basically,
> anything that makes use of OpenSSL.
>
> Claude
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
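The rotation described in the thread (one new key per developer, swapped into authorized_keys on every box) can be scripted. The sketch below is an added example, not part of the original messages; the host names, logins and key blobs are constructed placeholders, and `rotate` and `rotate_all` are names chosen here.

```python
import re

# authorized_keys entry: [options] keytype base64-blob [comment]
KEY_RE = re.compile(
    r'^(?P<opts>(?:.*?\s)?)(?P<type>ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)\s+'
    r'(?P<blob>[A-Za-z0-9+/]+=*)(?:\s+(?P<comment>.*))?$')

def rotate(text, replacements):
    """Swap retired keys for their replacements in one authorized_keys file.

    replacements: retired base64 blob -> that developer's new public key line.
    Per-login options (from=, command=) are preserved. Returns the new file
    text and the comments of the entries that were replaced.
    """
    out, replaced, seen = [], [], set()
    for line in text.splitlines():
        stripped = line.strip()
        m = None if stripped.startswith('#') else KEY_RE.match(stripped)
        if not m:                         # comment, blank or unparsable: keep
            out.append(line)
            continue
        opts, blob = m['opts'], m['blob']
        if blob in replacements:
            replaced.append(m['comment'] or '')
            line = opts + replacements[blob]
            blob = replacements[blob].split()[1]
        if (opts.strip(), blob) in seen:  # new key was already installed
            continue
        seen.add((opts.strip(), blob))
        out.append(line)
    return '\n'.join(out) + '\n', replaced

# Constructed placeholders, not real keys.
OLD_ALICE, OLD_BOB = "AAAAB3NzaC1yc2EOLDALICE", "AAAAB3NzaC1yc2EOLDBOB"
NEW = {
    OLD_ALICE: "ssh-rsa AAAAB3NzaC1yc2ENEWALICE alice@laptop-2008-05",
    OLD_BOB: "ssh-rsa AAAAB3NzaC1yc2ENEWBOB bob@desk-2008-05",
}
BOXES = {   # hypothetical hosts and logins
    "web1:root": '# deploy\nssh-rsa %s alice@laptop\n'
                 'from="10.0.0.*" ssh-rsa %s bob@desk\n' % (OLD_ALICE, OLD_BOB),
    "db1:app": 'ssh-rsa %s alice@laptop\n%s\n'
               'ssh-rsa AAAAB3NzaC1yc2ECAROL carol@build\n'
               % (OLD_ALICE, NEW[OLD_ALICE]),
}

def rotate_all(boxes, replacements):
    """Apply rotate() to every file; returns {name: (new_text, replaced)}."""
    return {name: rotate(text, replacements) for name, text in boxes.items()}
```

Entries whose blob is not in the mapping (carol's here) are left untouched, so anything the function does not report as replaced still has to be reviewed by hand.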