Monday, May 19, 2008

Debian OpenSSH Vulnerability

The OpenSSH predictable random number generator bug means that I might need to push a new key out to a lot of non-Debian-based systems, or I'm open to threats and even sarcastic comics. Luckily, my main Ubuntu system was installed with Ubuntu 6.10 in Feb 2007, and that's when I generated my keys. I then proceeded with upgrades as they came out, so I went to 7.10 and now 8.10. So, did 6.10 have this bug? No, it affected 7.04, 7.10 and 8.04. So the keys on this system should be fine. This is also supported by ssh-vulnkey. So my only bad key came from a laptop running Xubuntu. That key is only used on a Savannah project, which the Savannah admins were kind enough to disable.

Update: Russ Cox has good comments on the bug.

While I'm on the topic of SSH keys, I'd like to mention that Ubuntu 8.10 enables the GNOME Keyring SSH Agent. All you have to do is SSH into one system and the agent caches your passphrase. You might want to make sure you uncache your key before you get lunch or go home:

$ crontab -l
# m h  dom mon dow   command
  0 12 *   *   *     /usr/bin/ssh-add -d
  0 17 *   *   *     /usr/bin/ssh-add -d
$ 
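
Added example, not part of the original post: cron jobs do not inherit SSH_AUTH_SOCK from the desktop session, so an `ssh-add -d` started by cron can only reach the agent if the socket is located first. The wrapper below does that before removing the key; the socket name (`ssh` inside a `keyring*` directory), the search roots and the function names are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: cron-safe wrapper around "ssh-add -d".
# Assumption: the agent socket is a file named "ssh" inside a per-user
# "keyring*" directory; the search roots passed in are guesses.

# Print the first agent socket owned by the current user under the given
# root directories; return 1 if none is found.
find_agent_sock() {
    for root in "$@"; do
        for sock in "$root"/keyring*/ssh; do
            # -S: is a socket. -O: owned by our effective UID, so another
            # user's socket in a shared directory like /tmp is never used.
            if [ -S "$sock" ] && [ -O "$sock" ]; then
                printf '%s\n' "$sock"
                return 0
            fi
        done
    done
    return 1
}

# Point ssh-add at the located agent and remove the default identity.
# Fails loudly (cron mails stderr) instead of silently doing nothing.
drop_cached_keys() {
    SSH_AUTH_SOCK=$(find_agent_sock "$@") || {
        echo "no agent socket found; nothing removed" >&2
        return 1
    }
    export SSH_AUTH_SOCK
    /usr/bin/ssh-add -d
}

# Only act when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    drop_cached_keys "/run/user/$(id -u)" "${TMPDIR:-/tmp}"
fi
```

In the crontab, the command column would then call this script with `--run` (for example `/bin/sh /path/to/drop-ssh-keys.sh --run`, a placeholder path) instead of calling `ssh-add -d` directly.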
