The Ubuntu update released today does this automatically for the server, and provides you with the tool to check personal keys.

Regards,
Servilio

On Tue, May 13, 2008 at 5:16 PM, Carlos Javier Borroto <[EMAIL PROTECTED]> wrote:
> http://daviey.mooo.com/blogroll/weak-ssh-key.html
>
> Weak SSH key?
>
> EDIT: As per
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000706.html
> , upgrading the package will test the sshd key, amongst other things.
>
> It would appear that the openssl algorithm used to generate the ssh or
> ssl keys for Ubuntu and Debian isn't as random as required to be
> secure, and is therefore vulnerable to brute force attack.
>
> As outlined: http://www.ubuntu.com/usn/usn-612-1
>
> Thankfully Debian security team have written a pretty nifty perl
> script to help find if your keys are weak!
>
> So ensure you have upgraded to the latest libssl0.9.8 package (as
> outlined in the USN) then:
>
> To test the public key fingerprint on a server, do the following:
>
> $ wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
> $ gunzip dowkd.pl.gz
> $ chmod +x dowkd.pl
> $ ./dowkd.pl file /etc/ssh/ssh_host_{dsa,rsa}_key.pub 2>/dev/null
>
> This will tell you if the public key is weak. If it is, you should
> move/remove the key pair, then generate a new pair with:
>
> $ sudo dpkg-reconfigure -plow openssh-server
>
> Authorized keys, that can login using key based authentication.
>
> $ ./dowkd.pl file ~/.ssh/authorized_keys 2>/dev/null
>
> This will return any weak keys that are authorized to login using key
> based authentication, these entries should be removed and a new one
> generated and added to the file.
>
> To see if your own user key(s) is vulnerable:
>
> $ ./dowkd.pl file ~/.ssh/id_{rsa,dsa}.pub 2>/dev/null
>
> If it is, you should remove the key - and create a new one using
> "ssh-keygen", and redistribute the public key (including to
> Launchpad)
>
> NOTE: you should test all user keys on the system. Might be worth
> saving any weak keys, in case you do get locked out of a system.
>
> Please pass this on to anyone using SSH.
>
> By the way, mine was one of the weak ones:
> [EMAIL PROTECTED]:~$ perl dowkd.pl file .ssh/authorized_keys
> .ssh/authorized_keys:1: weak key
>
> Regards
> --
> Carlos Javier
> Habana, CUBA
> _______________________________________________
> Unsubscribe
> https://listas.softwarelibre.cu/mailman/listinfo/linux-l
> Search the archive
> http://listas.softwarelibre.cu/buscar/linux-l
>

--
Servilio Afre Puentes
B.Sc. Computer Science
Phone: (905) 531-2668
Web: http://servilio.latertulia.org/
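
The quoted post's NOTE says to test all user keys on the system. As an added example (not part of this thread or of Debian's tooling), the script below repeats the post's `dowkd.pl file` check over every account's `authorized_keys`, `id_rsa.pub` and `id_dsa.pub`. It assumes home directories can be listed with `getent passwd`; the function names and the `DOWKD` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Checker command; expanded unquoted on purpose so "perl dowkd.pl" also works.
DOWKD="${DOWKD:-./dowkd.pl}"

# Home directories of every local account (field 6 of the passwd database).
all_homes() {
    getent passwd | cut -d: -f6 | sort -u
}

# Print the readable public-key files the post checks, for one home directory.
key_files_in_home() {
    for f in "$1/.ssh/authorized_keys" "$1/.ssh/id_rsa.pub" "$1/.ssh/id_dsa.pub"; do
        [ -r "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Run the checker on each key file under the given home directories and
# print only its "path:line: weak key" findings (output format as in the post).
audit_homes() {
    for home in "$@"; do
        key_files_in_home "$home" | while IFS= read -r keyfile; do
            # </dev/null keeps the checker from consuming the file list on stdin.
            $DOWKD file "$keyfile" </dev/null 2>/dev/null | grep 'weak key' || true
        done
    done
    return 0
}

# Audit the whole system when dowkd.pl is present in the current directory.
# Run as root so that other users' ~/.ssh files are readable.
if [ -e ./dowkd.pl ]; then
    all_homes | while IFS= read -r h; do audit_homes "$h"; done
fi
```

Each line it prints names a file and line number whose key should be removed and regenerated as described in the post.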
