How to avoid the Debian SSH key attacks

It only took two days, but viable, simple attacks against the weak Debian SSH key generation flaw have surfaced

All SSH servers could be affected

There are several ways in which the weak entropy can show itself. One that is causing significant concern from a security point of view is that if a key is generated on a system while it was affected, it will remain weak even after the security fixes have been applied.

People also tend to spread keys around across systems they have access to. This means that if a user creates a key and then installs it on a remote machine, that user's account on that machine is now vulnerable in the same way.

Debian and Ubuntu have now released a blacklist of affected keys which are not allowed to login, and this blacklist is used on up to date Debian and Ubuntu machines. Other systems, such as SUSE, currently do not have a blacklist.

If administrators want to check for weak keys on their system, there is now a script that lets you quickly verify whether some of your keys are vulnerable on the Debian advisory.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about DebianIPSLinuxRSASSHSuseUbuntu

Show Comments