On Tue, May 20, 2008 at 08:45:20PM +0100, Alexandros Papadopoulos wrote:
> a) How/why were my active connections to the server killed right after
> upgrading and
Don't know, I've never seen this behaviour on a debian system.
> b) Why I am not allowed access now that I try to utilise the simplest
OoO On this cloudy night of Wednesday, May 21, 2008, around 01:32, Kees
Cook <[EMAIL PROTECTED]> said:
> * Add empty DSA-2048, since they weren't any bad ones.
How is it possible?
Thanks.
--
BOFH excuse #63:
not properly grounded, please bury computer
On Tue, May 20, 2008 at 6:38 PM, Kim N. Lesmer <[EMAIL PROTECTED]> wrote:
> On Tue, 20 May 2008 20:45:20 +0100
> "Alexandros Papadopoulos" <[EMAIL PROTECTED]> wrote:
>
>> 3. Testing to see if you can still get on to a server is exactly what
>> I would have done, if my connection had not been killed
On Tue, 20 May 2008 20:45:20 +0100
"Alexandros Papadopoulos" <[EMAIL PROTECTED]> wrote:
> 3. Testing to see if you can still get on to a server is exactly what
> I would have done, if my connection had not been killed by the server
> itself a few seconds after upgrading the packages. This happened
-Original Message-
From: [EMAIL PROTECTED] (Thijs Kinkhorst)
Sent: Tue, 20 May 2008 19:32:39 +0200 (CEST)
To: [EMAIL PROTECTED]
Received: Tue, 20 May 2008 19:32:39 +0200 (CEST)
Subject: [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several
vulnerabilities
-BEGIN PGP SIGN
OoO In the early evening of Tuesday, May 20, 2008, around 21:45, "Alexandros
Papadopoulos" <[EMAIL PROTECTED]> said:
> 3. Testing to see if you can still get on to a server is exactly what
> I would have done, if my connection had not been killed by the server
> itself a few seconds after upgrading
I will be out of the office from 05/20/2008 and will not
return until 05/22/2008.
Regards,
Amir
Unfortunately my question has still not been answered.
1. What's the information in /usr/share/doc/openssh-server that is so
enlightening? I don't have access to a debian machine right now so
would be nice to know. Tried downloading from
http://packages.debian.org/etch/openssh-server to no avail.
Hi Christoph,
On Tue, May 20, 2008 at 05:56:56PM +0200, Christoph Martin wrote:
> Alberto Gonzalez Iniesta wrote:
> > The package is being built by its original author (Jamie) and everything
> > got started when the OpenVPN maintainer (me) decided to add secret/key
> > file validation like the o
Hi Alberto,
Alberto Gonzalez Iniesta wrote:
> The package is being built by its original author (Jamie) and everything
> got started when the OpenVPN maintainer (me) decided to add secret/key
> file validation like the one on the Ubuntu package. Since those
> validations required open(ssl|vpn)-b
On Tue, May 20, 2008 at 04:48:43PM +0200, Christoph Martin wrote:
> Hi Alberto,
>
> Alberto Gonzalez Iniesta wrote:
> > On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote:
> >> The Ubuntu openssl maintainers released an openssl-blacklist equivalent
> >> to the openssh-blacklist pack
Hi Alberto,
Alberto Gonzalez Iniesta wrote:
> On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote:
>> The Ubuntu openssl maintainers released an openssl-blacklist equivalent
>> to the openssh-blacklist package. It includes a blacklist with
>> compromised openssl key hashes and a prog
The Ubuntu openssl maintainers released an openssl-blacklist equivalent
to the openssh-blacklist package. It includes a blacklist with
compromised openssl key hashes and a program with an openssl-vulnkey
program suitable to test your openssl key files.
I think it would be a good thing to coordinate
On Tue, 2008-05-20 at 08:20 +0100, Alexandros Papadopoulos wrote:
> I administer a couple of remote Debian servers and must say the latest
> security update has left me stranded. My only access to these machines
> was over SSH, using keys. So I logged in the other night and this was
> the series of
On Tue, May 20, 2008 at 08:20:04AM +0100, Alexandros Papadopoulos wrote:
> + I enabled password authentication in sshd_config (PasswordAuthentication
> yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + shortly thereafter my SSH co
On May 19, 2008, at 9:52 PM, Jan Tomasek wrote:
I do not trust dowkd.pl script because
it lacks info where keys were taken.
...
We did not want to publish this information in order to give system.
Do bear in mind that the public key consists of 1) the modulus and 2)
the public (or encry
Alexandros Papadopoulos said:
> + I enabled password authentication in sshd_config
> (PasswordAuthentication yes)
> + aptitude update && aptitude dist-upgrade, which updated the packages
> and restarted the openssh daemon
> + shortly thereafter my SSH
On Tue, 20 May 2008 08:20:04 +0100
"Alexandros Papadopoulos" <[EMAIL PROTECTED]> wrote:
> I administer a couple of remote Debian servers and must say the latest
> security update has left me stranded. My only access to these machines
> was over SSH, using keys. So I logged in the other night and t
I administer a couple of remote Debian servers and must say the latest
security update has left me stranded. My only access to these machines
was over SSH, using keys. So I logged in the other night and this was
the series of events:
+ I enabled password authentication in sshd_config (PasswordAuth
MaxStartups.
--On May 20, 2008 4:15:33 PM +1000 CaT <[EMAIL PROTECTED]> wrote:
I got connections from an unknown IP to openssh today. openssh logged:
Public key ... blacklisted (see ssh-vulnkey(1))
19 times, each time with a different key and then ssh would not respond
any more and connection
On Tue, May 20, 2008 at 12:52:54AM -0600, Michael Loftis wrote:
> MaxStartups.
Ah. That'd do it. First time I hit that. Thanks and sorry for the noise.
On the down side it seems people are already starting to exploit the
blacklisted keys.
--
"Police noticed some rustling sounds from Linn's bo