Debian Developers - Re: new host key?: Re: compromise of gluck.debian.org, lock down of other debian.org m

This is Interesting: Free IT Magazines  
Home > Archive > Debian Developers > July 2006 > Re: new host key?: Re: compromise of gluck.debian.org, lock down of other debian.org m





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: new host key?: Re: compromise of gluck.debian.org, lock down of other debian.org m
Russ Allbery

2006-07-30, 7:30 am

Osamu Aoki <osamu@debian.org> writes:

> PS: It would have been nicer if old hosk identification was backuped and
> used in new system.

Well, not if the system had a root compromise. The attacker must be
assumed to have the private host key, which means that reusing the same
key would allow them to attack future ssh connections to the system.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com