Can add me to the list of people hosed by Heroku's vulnerable key check failing miserably. I have a key generated on Fedora which is unaffected by the Debian openssl/openssh vulnerable. Nonetheless I've tested my keys anyway and none of them are listed as vulnerable yet Heroku's servers continue to reject it. I even generated a new key and tried uploading it and was subsequently rejected. This is a Fedora 9 box with the latest patches applied and again I repeat the original vulnerability was against Debian and Debian-derived distributions.
On May 20, 9:42 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > I have same problem. ssh-vulkey shows no blacklisted keys but when > I'm trying git pull a receive access denied message. > > On 20 maio, 22:26, Matthew Williams <[EMAIL PROTECTED]> > wrote: > > > I believe I'm patched and not showing any vulnerable keys but every > > key I'm trying to upload gets denied... > > > Thoughts? > > > Running the latest Ubuntu release that appears to be patched (all > > updates have been run, ssh-vulkey shows no blacklisted keys). I've > > wiped my .ssh dir and regenerated everything > > > On May 19, 9:41 pm, "Adam Wiggins" <[EMAIL PROTECTED]> wrote: > > > > You guys may know about the Debian ssh key vulnerability announced last > > > week: > > > >http://www.ubuntu.com/usn/usn-612-2 > > > > If you haven't, here's the quick summary: keys generated on Debian and > > > Debian-derived distros, including Ubuntu, may be weak. We've thereby > > > had to revoke any weak keys that have been uploaded to us in the past, > > > as well as regenerate our own host keys. > > > > The two ways this will affect you is: > > > > - You'll get a host-key has change / man-in-the-middle message when > > > you try to do git push, git pull, or heroku clone. This looks like > > > this on openssh: > > > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > > > Edit your .ssh/known_hosts file to remove the line with the heroku.com > > > host key, or just delete the entire file. > > > > - If your key is weak, you'll get a permission denied now. Regenerate > > > your key (i.e., ssh-keygen -t rsa or dsa) and run heroku > > > upload_authkey. > > > > Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/heroku?hl=en -~----------~----~----~----~------~----~------~--~---
