This had nothing to do with the protocol, it was a question of a single implementation's PRNG.
Debian, OpenSSL, and a lack of cooperation
Posted May 19, 2008 13:21 UTC (Mon) by lbt (subscriber, #29672)
However, this has essentially exposed a massive number of protocol 2 implementations. If I run
a non-Debian ssh server I still need to upgrade to an sshd that checks the blacklist, right?
Since a Debian-using user could have sent me her Debian-generated weak public key? That
account is now unsafe?
So if I make or allow a protocol 2 connection on a non-Debian machine am I safe? Maybe; maybe
So bump the protocol and rest assured that anything accepting or making a protocol 2+
connection was implemented after the faulty PRNG debacle and move on.
Would it also avoid the blacklist - no blacklist lookup needed for protocol 2+?
I am not, by any means, a naive user - and yet I can't be sure I've correctly updated all my
systems. The fix is complex and subject to human error.
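
The check the comment refers to, auditing the public keys a server already trusts against a blacklist of weak-key fingerprints, is sketched below as an added example (not code from the post, OpenSSH or Debian). The key blobs and the blacklist are constructed, and the blacklist is assumed to be a plain set of full MD5 fingerprints rather than any distribution's blacklist file format.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types looked for in each line


def md5_fingerprint(blob_b64):
    """Hex MD5 fingerprint of a base64-encoded public-key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    return hashlib.md5(blob).hexdigest()


def audit_authorized_keys(text, blacklist):
    """Return (line_no, comment, fingerprint) for every blacklisted key."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options (from=..., no-pty, ...) may precede the key type,
        # so locate the type token instead of assuming field 0.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = md5_fingerprint(fields[idx + 1])
        except ValueError:
            continue  # malformed base64: not a usable key
        if fp in blacklist:
            hits.append((no, " ".join(fields[idx + 2:]), fp))
    return hits


def _blob(tag):
    # Constructed stand-in for a key blob; not a real key.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()


WEAK = _blob(b"constructed-weak")
GOOD = _blob(b"constructed-good")
SAMPLE = f"""# constructed authorized_keys sample
ssh-rsa {GOOD} alice@host
from="10.0.0.1",no-pty ssh-rsa {WEAK} bob@debian-box
ssh-rsa not*base64 broken
"""
BLACKLIST = {md5_fingerprint(WEAK)}  # constructed blacklist

if __name__ == "__main__":
    for no, comment, fp in audit_authorized_keys(SAMPLE, BLACKLIST):
        print(f"line {no}: {comment} matches blacklisted fingerprint {fp}")
```

The same audit has to be run over every account's authorized_keys file on every host, which is where the human error the comment worries about creeps in.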
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.