LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Effects much worse for other distributions than expected

Effects much worse for other distributions than expected

Posted May 15, 2008 19:19 UTC (Thu) by nix (subscriber, #2304)
In reply to: Effects much worse for other distributions than expected by rfunk
Parent article: Debian vulnerability has widespread effects 

Er, yeah, sorry, bad phrasing. If the client (from whom you're connecting, 
which has the secret key) is not vulnerable, and the server (to which 
you're connecting, and which has the public key) is vulnerable, you are 
safe: otherwise, you are not.

(Log in to post comments)

Effects much worse for other distributions than expected

Posted May 15, 2008 20:24 UTC (Thu) by rfunk (subscriber, #4054) [Link] 

Actually I wouldn't say you're entirely safe if the server is vulnerable and you're not.  
There's still the issue of the host key, which is used to prevent the bad guys from 
pretending to be the server.  If that host key is compromised, then someone can pretend 
to be the server.  Then you're in a little trouble if they can also get your public key (it's 
treated as public, shouldn't be horribly hard), and more trouble if you're using password 
authentication.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds