SSH Problems

So, I've written about automatically logging in with stored ssh keys and also about the Linksys NSLU2 Slug with Debian. Today, the combination of the two are important, as CERT alerted me to a new security hole in Debian and Ubuntu, and the fix for it.

When an SSH key is created, it generates a random number, and then builds the key based on that number. The problem is that the random number generator in Debian wasn't producing completely random numbers, and that meant the secure keys aren't completely random, and aren't completely secure. Ubuntu is based on Debian, so this applies there as well.

Anyways, the fix is simple enough; update the machine, and re-generate your keys.

No comments: