[maemo-developers] OpenSSH vulnerability and maemo extras upload accounts.
From: Loïc Minier lool at dooz.org
Date: Tue May 20 12:40:06 EEST 2008
On Tue, May 20, 2008, Dave Neary wrote:
> On a server, you have your private SSH key, and someone else adds an
> infected public SSH key to authorized_keys. By induction, your key is no
> longer trustworthy, since someone could have connected to your server
> via the untrustworthy key.

That's pushing quite far; however if you have been using a private DSA key with a weak openssl at any time, you should drop it for sure, and you should drop all keys generated with a borken openssl. See <http://wiki.debian.org/SSLkeys>.

I'd also recommend all servers to upgrade to a version of OpenSSH which allows rejecting vulnerable keys and to scan authorized_keys file for such keys.

--
Loïc Minier
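The authorized_keys scan recommended in the message above, as an added example that is not part of the original message and is not code from OpenSSH or Debian. It assumes a blacklist whose entries are the last 20 hex digits of the MD5 fingerprint of each weak public key blob (the format assumed here for Debian's openssh-blacklist files); the function names are hypothetical and the sample keys and blacklist entry are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def parse_keys(text):
    """Yield (line_number, key_type, blob) for each key in authorized_keys text."""
    for number, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key type, so look for "<type> <base64>".
        for i, token in enumerate(tokens[:-1]):
            if token not in KEY_TYPES:
                continue
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                continue
            # A real key blob starts with its own length-prefixed type name.
            name = token.encode()
            if blob.startswith(struct.pack(">I", len(name)) + name):
                yield number, token, blob
                break

def scan(text, blacklist):
    """Return [(line_number, key_type, fingerprint)] for blacklisted keys."""
    hits = []
    for number, key_type, blob in parse_keys(text):
        fp = hashlib.md5(blob).hexdigest()
        if fp[12:] in blacklist:  # assumed format: last 20 hex digits
            hits.append((number, key_type, fp))
    return hits

def sample_line(key_type, body, prefix=""):
    """Build a constructed authorized_keys line (not a real key)."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return blob, f"{prefix}{key_type} {base64.b64encode(blob).decode()} user@example"

WEAK_BLOB, WEAK_LINE = sample_line("ssh-rsa", b"constructed-weak", 'from="10.0.0.1" ')
GOOD_BLOB, GOOD_LINE = sample_line("ssh-dss", b"constructed-good")
SAMPLE = "# constructed sample file\n" + GOOD_LINE + "\n" + WEAK_LINE + "\n"
BLACKLIST = {hashlib.md5(WEAK_BLOB).hexdigest()[12:]}  # constructed entry

if __name__ == "__main__":
    for number, key_type, fp in scan(SAMPLE, BLACKLIST):
        print(f"line {number}: {key_type} {fp} is blacklisted, remove it")
```

A fingerprint match only catches keys that appear in the blacklist; a DSA key that was merely used with a weak openssl, as the message describes, cannot be detected from the public key and has to be replaced by its owner.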