Re: ssh key update IMPORTANT security advisory please read
Hi, On Thursday 15 May 2008 15:40, Dennis Gilmore wrote: users only need to create new keys if you created your key using a debian based system. keys generated on Fedora or other linux's or unix's are not susceptible and don't need replacing. That's unfortunatly only true for RSA keys, not for DSA keys. If you have used DSA keys with a broken openssl, consider your keys compromised. Read http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html for an explaination. As a result of this, debian.org and freedesktop.org dont allow DSA keys at all anymore. regards, Holger pgp0275jMRENM.pgp Description: PGP signature ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
ssh key update IMPORTANT security advisory please read
Debian has published a recent security advisory regarding a documented weakeness in the Debian openssl key generation procedure: [DSA 1571-1] New openssl packages fix predictable random number generatorhttp://news.gmane.org/find-root.php?message_id=%3c87od7az9v4.fsf%5f%5f2780.18743633783%241210681384%24gmane%24org%40mid.deneb.enyo.de%3e http://article.gmane.org/gmane.linux.debian.security.announce/1614 Accordingly we are changing the host keys on all Ubuntu and Debian systems. Users should be prepared to accept the new host keys. Additionally, ALL USERS MUST generate new private/public keypairs using the patched ssl-keygen or equivalent (such as putty-keygen) and replace the public key in their ~/.ssh/authorized_keys file. This applies to users with accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu boxes. If you need help, please open a ticket by emailing [EMAIL PROTECTED] with your new pub key or a link to it. Please specify which machines on which you have accounts in the message. thanks, --HH. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: ssh key update IMPORTANT security advisory please read
On Thu, 15 May 2008, Joshua Minor wrote: Can you clarify whether keys generated on an XO need to be regenerated or not. The XO, being a Fedora-based system, is not vulnerable to this problem. -- Asheesh. -- Formatted to fit your screen. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: ssh key update IMPORTANT security advisory please read
Can you clarify whether keys generated on an XO need to be regenerated or not. -josh On May 15, 2008, at 6:40 AM, Dennis Gilmore wrote: On Thursday 15 May 2008, Henry Hardy wrote: Debian has published a recent security advisory regarding a documented weakeness in the Debian openssl key generation procedure: [DSA 1571-1] New openssl packages fix predictable random number generatorhttp://news.gmane.org/find-root.php?message_id=% 3c87od7az9v4.fsf% 5f%5f2780.18743633783%241210681384%24gmane%24org% 40mid.deneb.enyo.de%3e http://article.gmane.org/gmane.linux.debian.security.announce/1614 Accordingly we are changing the host keys on all Ubuntu and Debian systems. Users should be prepared to accept the new host keys. Additionally, ALL USERS MUST generate new private/public keypairs using the patched ssl-keygen or equivalent (such as putty-keygen) and replace the public key in their ~/.ssh/authorized_keys file. This applies to users with accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu boxes. If you need help, please open a ticket by emailing [EMAIL PROTECTED] with your new pub key or a link to it. Please specify which machines on which you have accounts in the message. thanks, --HH. users only need to create new keys if you created your key using a debian based system. keys generated on Fedora or other linux's or unix's are not susceptible and don't need replacing. This also brings up the need to use something like fas https://fedorahosted.org/fas/ which would easily allow users to change their own passwords and ssh keys. as well as simplify user management and make it easy to grant access to different hosts. Dennis ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: ssh key update IMPORTANT security advisory please read
On Thursday 15 May 2008, Joshua Minor wrote: Can you clarify whether keys generated on an XO need to be regenerated or not. -josh If you are running a standard OLPC build no. Fedora is not effected by this bug only debian and debian based distros like Ubuntu and Knoppix. The standard OLPC build is based on Fedora and is not susceptible. however if you put a debian based distro on your XO then yes you will be susceptible. Dennis signature.asc Description: This is a digitally signed message part. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel