Centralized Authentication (was Re: ssh key update security advisory)

Ixo X oxI ixo at myna.ws
Sun May 18 15:43:32 EDT 2008


FYI,
   I put in a TRAC ticket on something similar...

      https://dev.laptop.org/ticket/6506

Several months ago,  not sure if it ever went anywhere...

-iXo

2008/5/15 Dennis Gilmore <dennis at ausil.us>:

> On Thursday 15 May 2008, Henry Hardy wrote:
> > Debian has published a recent security advisory regarding a documented
> > weakeness in the Debian openssl key generation procedure:
> >
> > [DSA 1571-1] New openssl packages fix predictable random number
> > generator<
> http://news.gmane.org/find-root.php?message_id=%3c87od7az9v4.fsf%
> >5f%5f2780.18743633783%241210681384%24gmane%24org%40mid.deneb.enyo.de%3e>
> >
> > http://article.gmane.org/gmane.linux.debian.security.announce/1614
> >
> > Accordingly we are changing the host keys on all Ubuntu and Debian
> systems.
> > Users should be prepared to accept the new host keys.
> >
> > Additionally, ALL USERS MUST generate new private/public keypairs using
> the
> > patched ssl-keygen or equivalent (such as putty-keygen) and replace the
> > public key in their ~/.ssh/authorized_keys file. This applies to users
> with
> > accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu
> > boxes.
> >
> > If you need help, please open a ticket by emailing sysadmin at laptop.orgwith
> > your new pub key or a link to it. Please specify which machines on which
> > you have accounts in the message.
> >
> > thanks,
> >
> > --HH.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080518/32b6e2a8/attachment.html>


More information about the Devel mailing list