Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
See http://lwn.net/Articles/222201/, and accept only certificates for SSH.
Brute-Force SSH Server Attacks Surge (InformationWeek)
Posted May 15, 2008 1:05 UTC (Thu) by csamuel (✭ supporter ✭, #2624)
Except that, according to
the Metasploit project, on Debian/Ubuntu boxes with broken
When creating a new OpenSSH key, there are only 32,767
possible outcomes for a given architecture, key size, and key type. The
reason is that the only "random" data being used by the PRNG is the ID of
the process. [...] Links to the pregenerated key sets for 1024-bit DSA
and 2048-bit RSA keys (x86) are provided in the downloads section
...and if you've used such a system with a good DSA key then you can
consider that compromised too.
Posted May 15, 2008 19:39 UTC (Thu) by pcampe (guest, #28223)
>Except that, according to the Metasploit project, on Debian/Ubuntu boxes
>with broken OpenSSL
That is an implementation problem, limited to Debian and derivated systems. Certificates are
the only way to be sure that your server is not password-guessed.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds