ssh Access from the internet
Mike Oliver
moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org
Wed May 14 07:27:18 UTC 2008
Quoting Alex Maynard <maynarda-dxuVLtCph9gsA/PxXw9srA at public.gmane.org>:
> On Tue, 13 May 2008, R.T. wrote:
>
>> Speaking of which...
>> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
>
> This seems kind of important -- do I interpret it correctly that
> anyone using ssh keys on a debian based system, such as ubuntu,
> should now recreate all their keys?
Um -- could someone please explain the implications of this
to someone who doesn't know much about OpenSSL? I'm not running
any servers on my machine and don't think I ever *knowingly*
generated any openssl keys. Does that mean I don't have a problem?
What I specifically want to make sure is, if I logged into
a secure website (https) while I had the vulnerable openssl
installed, does the vulnerability matter? Or does it matter only
if the *server* is running the vulnerable version?
Thanks,
Mike
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list