SSH keys

There is a lot of talking and blogging in the Debian and Ubuntu community about USN-612-1. It turned out that the random number generator from openssl isn’t that random.

I followed the intructions in this post: Weak SSH key? I found at the Ubuntu Planet to test if my keys were weak. But the commands in that post never returned anything, so I assumed that my key wasn’t vulnerable. But when I went to Launchpad to disable my other SSH key that I can’t check at the moment I found out that all my keyes were removed. When I asked at #launchpad @ freenode if all keys were removed I was told that only vulnerable keys were removed. So I checked the script for other commands and ./dowkd.pl indeed did gave a list of possible commands. When I ran ./dowkd.pl user the script did return that my key was vulnerable.

I’ve removed the content from ~/.ssh and am currently generating a new key. I hope this issue won’t cause any big problems in the future.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.