[MLUG] Debian SSH root access keys

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG membership <EMAIL:PROTECTED>
Subject: [MLUG] Debian SSH root access keys
From: Mike Miller <EMAIL:PROTECTED>
Date: Thu, 15 May 2008 18:18:08 -0500 (CDT)
Delivery-date: Thu, 15 May 2008 18:18:32 -0500
Envelope-to: EMAIL:PROTECTED
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

No time to get the details but here's the basic idea...

We had a message telling us that our Ubuntu box is probably vulnerable to a Debian vulnerability where there are only a few SSH keys for root and there is now a script that tests all of them in about an hour. I guess there is some kind of bizarre error in the key generation process on some systems that causes them to make only a few possible keys.

http://community.livejournal.com/evan_tech/250810.html

I personally never let people log in as root. Sometimes people say that is too restrictive, but today I feel vindicated.

Mike

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Follow-Ups:
- Re: [MLUG] Debian SSH root access keys
  - From: Jack Smith <EMAIL:PROTECTED>
- Re: [MLUG] Debian SSH root access keys
  - From: "Mark Rages" <EMAIL:PROTECTED>
- Re: [MLUG] Debian SSH root access keys
  - From: Daniel Nowlin <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG] the death of SMTP+POP+IMAP
Next by Date: Re: [MLUG] Debian SSH root access keys
Previous by thread: Re: [MLUG] the death of SMTP+POP+IMAP
Next by thread: Re: [MLUG] Debian SSH root access keys
Index(es):
- Date
- Thread