Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Er, yeah, sorry, bad phrasing. If the client (from whom you're connecting,
which has the secret key) is not vulnerable, and the server (to which
you're connecting, and which has the public key) is vulnerable, you are
safe: otherwise, you are not.
Effects much worse for other distributions than expected
Posted May 15, 2008 20:24 UTC (Thu) by rfunk (subscriber, #4054)
Actually I wouldn't say you're entirely safe if the server is vulnerable and you're not.
There's still the issue of the host key, which is used to prevent the bad guys from
pretending to be the server. If that host key is compromised, then someone can pretend
to be the server. Then you're in a little trouble if they can also get your public key (it's
treated as public, shouldn't be horribly hard), and more trouble if you're using password
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds