Re: latest openssh for wheezy

2017-08-10 Thread Markus Koschany
of open ones for openssh on wheezy: https://security-tracker.debian.org/tracker/source-package/openssh Hi, there are only unimportant issues open. OpenSSH is up-to-date in Wheezy and Jessie. Please feel free to ask questions about Wheezy related packages on the debian-lts mailing list in the

Re: latest openssh for wheezy

2017-08-09 Thread Adam Weremczuk
Hi Salvatore, Thank you for that very useful link. The only outstanding concern from my list is: ID: OSVDB 14400 THREAT: The SSH server running on the remote host is affected by an information disclosure vulnerability. IMPACT: According to its banner, the version of OpenSSH running on the

Re: latest openssh for wheezy

2017-08-09 Thread Arto Jantunen
Adam Weremczuk writes: > Is there a better place / way to verify the latest Debian changelogs > online? You can use the security tracker to search for either the vulnerabilities, or packages: https://security-tracker.debian.org/tracker/ It lists a bunch of open ones for openssh on wheezy:

Re: latest openssh for wheezy

2017-08-09 Thread Salvatore Bonaccorso
16-10009 > CVE-2016-10010 > CVE-2016-10011 > CVE-2016-10012 > OSVDB-144000 > > in 6.0p1-4+deb7u6 ? The security-tracker can help you verifying the status for certain CVEs and source packages. For openssh, have a look at: https://security-tracker.debian.org/tracker/source-package/open

latest openssh for wheezy

2017-08-09 Thread Adam Weremczuk
share/doc/openssh-server/changelog.Debian on a system running 6.0p1-4+deb7u6 version on wheezy 7.1 but couldn't find them. Also: https://packages.debian.org/wheezy/openssh-server --> "Debian Changelog" returns 404 not found. Why is that? Is there a better place / way to v

RE: [SECURITY] [DSA 3550-1] openssh security update

2016-04-18 Thread Damien MURE
33 18 damien.m...@atih.sante.fr - www.atih.sante.fr -Message d'origine- De : Moritz Muehlenhoff [mailto:j...@debian.org] Envoyé : vendredi 15 avril 2016 19:09 À : debian-security-annou...@lists.debian.org Objet : [SECURITY] [DSA 3550-1] openssh security update Importance : Haute --

Re: [SECURITY] [DSA 3446-1] openssh security update

2016-01-14 Thread Steph
>> January 14, 2016 https://www.debian.org/security/faq >> - >> ----- >> >> Package: openssh >> CVE ID : CVE-2016-0777 CVE-2016-0778 >> Debian bug : 81

Re: [SECURITY] [DSA 3446-1] openssh security update

2016-01-14 Thread Steph
an Security Advisory DSA-3446-1 secur...@debian.org > https://www.debian.org/security/Yves-Alexis Perez > January 14, 2016 https://www.debian.org/security/faq > - ------

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
eshly installed Debian and Ubuntu too >>>>> though, tested it on Ubuntu too. >>>> http://etbe.coker.com.au/2011/12/31/server-cracked/ >>>> >>>> If you havd a sshd that is compromised in the same way as one was on one >>>> of my >&

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
u too. >>> http://etbe.coker.com.au/2011/12/31/server-cracked/ >>> >>> If you havd a sshd that is compromised in the same way as one was on one of >>> my >>> servers then Anibal's command will give an output of 0. >>> >>> I d

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Bedwell, Jordon
> If you havd a sshd that is compromised in the same way as one was on one of >> my >> servers then Anibal's command will give an output of 0. >> >> I don't know what relevance this has to a discussion of OpenSSH logging >> though. >> >> I'

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
On Fri, 2 Mar 2012, Mike Mestnik wrote: > > I'd like to have OpenSSH log the email address field from a key that was > > used for login so I could see something like "ssh key > > russ...@coker.com.au was used to login to account rjc" in my logs. > >

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
s then Anibal's command will give an output of 0. > > I don't know what relevance this has to a discussion of OpenSSH logging > though. > > I'd like to have OpenSSH log the email address field from a key that was used > for login so I could see something like "s

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/12 18:23, Bedwell, Jordon wrote: > On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote: >> On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: >>> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >>> The problem is I cannot get sshd to log publickey denied errors to

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Russell Coker
on freshly installed Debian and Ubuntu too > though, tested it on Ubuntu too. http://etbe.coker.com.au/2011/12/31/server-cracked/ If you havd a sshd that is compromised in the same way as one was on one of my servers then Anibal's command will give an output of 0. I don't know what rel

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Bedwell, Jordon
On Thu, Mar 1, 2012 at 3:16 PM, Mike Mestnik wrote: > On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: >> >> On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >> >>> >>> The problem is I cannot get sshd to log publickey denied errors to >>> /var/log/auth.log so our daemons can

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
2012/3/1 Aníbal Monsalve Salazar : > On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >>The problem is I cannot get sshd to log publickey denied errors to >>/var/log/auth.log so our daemons can ban these users.  I want to know >>what happened to messages like "publickey denied for [u

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Mike Mestnik
On 03/01/2012 02:51 PM, Aníbal Monsalve Salazar wrote: On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: The problem is I cannot get sshd to log publickey denied errors to /var/log/auth.log so our daemons can ban these users. I want to know what happened to messages like "publ

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Aníbal Monsalve Salazar
On Thu, Mar 01, 2012 at 06:56:07AM -0600, Jordon Bedwell wrote: >The problem is I cannot get sshd to log publickey denied errors to >/var/log/auth.log so our daemons can ban these users. I want to know >what happened to messages like "publickey denied for [user] from [ip]" >I cannot get it to log

Re: OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
On Thu, Mar 1, 2012 at 6:31 AM, Taz wrote: >>rsaauthentication no > change this to yes I'm at a loss, how is setting an option that does not even apply to us (since we use Protocol 2 and that option is moot for us anyways) going to fix a logging issue? Perhaps I need to be more explicit and I am

OpenSSH not logging denied public keys, even with logging set to verbose.

2012-03-01 Thread Jordon Bedwell
SSH Version: OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010 part of the config: compression yes maxauthtries 1 port 22 listenaddress 10.6.18.80 protocol 2 useprivilegeseparation yes syslogfacility AUTH loglevel VERBOSE logingracetime 30 permitrootlogin yes strictmodes yes rsaauthentic

Re: need help with openssh attack

2012-01-09 Thread consul tores
gt; > How can i contact openssh mnt? > > Thank you. Hello Taz Could you please expand your technical explanation? a. do you use keys+passphrases or keys or passwords? b. how many people have a key or password? c. could you show sshd_config at pastebin? d. how many servers were really compr

Re: need help with openssh attack

2012-01-07 Thread Poison Bit
On Thu, Dec 29, 2011 at 4:51 PM, Thijs Kinkhorst wrote: > On Thu, December 29, 2011 16:37, Nicolas Carusso wrote: >> >> How about creating a Referense list with all the suggestions that we are >> doing? >> If all of you agree, Let's start now. >> >> SECURITY LIST >> ** > > There's

Re: need help with openssh attack

2011-12-30 Thread Russell Coker
On Fri, 30 Dec 2011, Taz wrote: > of course, i've double changed all password and regenerated ssh keys. Are the SSH and PAM settings doing what you think? I suggest carefully examining the contents of /etc to see what has been changed from the default. A new sshd vulnerability that allows remo

AW: need help with openssh attack

2011-12-29 Thread Patrick Geschke
Has this issue been resolved? Can we be sure this doesn't lead back to a potentially vulnerable component of openssh? Can you provide any further information? Did you find the point of entry? (compromise) Greetings, Patrick -- Patrick Geschke Systemadministration Top Arbeitgeber 2011! K

Re: need help with openssh attack

2011-12-29 Thread Noah Meyerhans
On Thu, Dec 29, 2011 at 11:30:27PM +0400, Taz wrote: > Anybody want's to check it out? > I can provide ssh access, if u will give me ssh key. From the sound of things, we're not going to find much. It's clear that the attackers have already cleaned up their tracks by editing auth.log, etc. The d

Re: need help with openssh attack

2011-12-29 Thread Taz
Anybody want's to check it out? I can provide ssh access, if u will give me ssh key. On Thu, Dec 29, 2011 at 11:06 PM, Noah Meyerhans wrote: > On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote: >> I guess I already pointed out everything. I added the updating part to it. >> >> * Use

Re: need help with openssh attack

2011-12-29 Thread Bartosz Feński
gards fEnIo On Thu, Dec 29, 2011 at 8:42 PM, Todd Wheeler wrote: I'm wondering based on this if there is anything in /etc/xinetd.d or if there is anything in /etc/ssh/sshd_config that would point you in the right direction. Sounds like something is spawning based on a connection to port

Re: need help with openssh attack

2011-12-29 Thread Noah Meyerhans
On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote: > I guess I already pointed out everything. I added the updating part to it. > > * Use private not public keys with strong passwords This doesn't make any sense at all. You need both private and public keys for key-based authenticatio

Re: need help with openssh attack

2011-12-29 Thread Taz
, Todd Wheeler wrote: > I'm wondering based on this if there is anything in /etc/xinetd.d or if > there is anything in /etc/ssh/sshd_config that would point you in the right > direction. Sounds like something is spawning based on a connection to port > 22. (if OpenSSH itself

Re: need help with openssh attack

2011-12-29 Thread Taz
ted machines. >>>>> >>>>> >>>>> PS: We all got it now, fail2ban is a great tool ;-) >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Dec 29, 2011 at 15:04, Taz wrote: >>>

Re: need help with openssh attack

2011-12-29 Thread Todd Wheeler
I'm wondering based on this if there is anything in /etc/xinetd.d or if there is anything in /etc/ssh/sshd_config that would point you in the right direction. Sounds like something is spawning based on a connection to port 22. (if OpenSSH itself wasn't exploited) Times like this:

Re: need help with openssh attack

2011-12-29 Thread Todd Wheeler
t;>> >>>> >>>> >>>> >>>> On Thu, Dec 29, 2011 at 15:04, Taz wrote: >>>>> >>>>> Hello, we've got various debian servers, about 15, with different >>>>> versions. All of them have been attacked

Re: need help with openssh attack

2011-12-29 Thread Taz
is a total new start on >>> all the affected machines. >>> >>> >>> PS: We all got it now, fail2ban is a great tool ;-) >>> >>> >>> >>> >>> On Thu, Dec 29, 2011 at 15:04, Taz wrote: >>>> >>>> Hello, we'

Re: need help with openssh attack

2011-12-29 Thread Taz
7;ve got various debian servers, about 15, with different >>> versions. All of them have been attacked today and granted root >>> access. >>> Can anybody help? We can give ssh access to attacked machine, it seems >>> to be serious ssh vulnerability. >>

RE: need help with openssh attack

2011-12-29 Thread Marcelo Andres Puebla Brescia
2:37 Para: serge.dewai...@openevents.fr; debian-security@lists.debian.org Asunto: RE: need help with openssh attack How about creating a Referense list with all the suggestions that we are doing? If all of you agree, Let's start now. SECURITY LIST ** 1. SSH. Deny root

Re: need help with openssh attack

2011-12-29 Thread Taz
29, 2011 at 15:04, Taz wrote: >> >> Hello, we've got various debian servers, about 15, with different >> versions. All of them have been attacked today and granted root >> access. >> Can anybody help? We can give ssh access to attacked machine, it seems >>

RE: need help with openssh attack

2011-12-29 Thread Thijs Kinkhorst
On Thu, December 29, 2011 16:37, Nicolas Carusso wrote: > > How about creating a Referense list with all the suggestions that we are > doing? > If all of you agree, Let's start now. > > SECURITY LIST > ** There's already the Securing Debian HOWTO: http://www.debian.org/doc/manuals/

Re: need help with openssh attack

2011-12-29 Thread Serge Dewailly
y and granted root access. Can anybody help? We can give ssh access to attacked machine, it seems to be serious ssh vulnerability. How can i contact openssh mnt? Thank you. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?

Re: need help with openssh attack

2011-12-29 Thread Kees de Jong
6:16:45 +0100 > > From: serge.dewai...@openevents.fr > > To: debian-security@lists.debian.org > > > Subject: Re: need help with openssh attack > > > > Hi, > > > > To prevent brute-force attack, you can also use the package named > > "fail2ban&

RE: need help with openssh attack

2011-12-29 Thread Nicolas Carusso
te. Keep debian Updated. 4 > Date: Thu, 29 Dec 2011 16:16:45 +0100 > From: serge.dewai...@openevents.fr > To: debian-security@lists.debian.org > Subject: Re: need help with openssh attack > > Hi, > > To prevent brute-force attack, you can also use the package named &

Re: need help with openssh attack

2011-12-29 Thread Kees de Jong
o be serious ssh vulnerability. > > How can i contact openssh mnt? > > Thank you. > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: &

Re: need help with openssh attack

2011-12-29 Thread Serge Dewailly
about 15, with different versions. All of them have been attacked today and granted root access. Can anybody help? We can give ssh access to attacked machine, it seems to be serious ssh vulnerability. How can i contact openssh mnt? Thank you. -- To UNSUBSCRIBE, email to debian-security-requ...@l

RE: need help with openssh attack

2011-12-29 Thread Nicolas Carusso
il.com > CC: debian-security@lists.debian.org > Subject: Re: need help with openssh attack > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, > > Could you please paste /var/log/auth.log message of attack? > Are you sure about it's not any bruteforce

Re: need help with openssh attack

2011-12-29 Thread André Schild
can give ssh access to attacked > machine, it seems to be serious ssh vulnerability. > > How can i contact openssh mnt? > > Thank you. > > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla -

Re: need help with openssh attack

2011-12-29 Thread Kees de Jong
sh_trojan.html > > The above blog post may be of use to you. One of my servers was > compromised > via that one. > > > How can i contact openssh mnt? > > Colin Watson > > The changelog for the openssh-server package gives Colin as the maintainer. > > -- > M

Re: need help with openssh attack

2011-12-29 Thread Nikolay Yatsyshyn
> versions. All of them have been attacked today and granted root > > access. Can anybody help? We can give ssh access to attacked > > machine, it seems to be serious ssh vulnerability. > > > > How can i contact openssh mnt? > > > > Thank you. >

Re: need help with openssh attack

2011-12-29 Thread Russell Coker
vulnerability. http://blog.sesse.net/blog/tech/2011-11-15-21-44_ebury_a_new_ssh_trojan.html The above blog post may be of use to you. One of my servers was compromised via that one. > How can i contact openssh mnt? Colin Watson The changelog for the openssh-server package gives Colin as the m

Re: need help with openssh attack

2011-12-29 Thread Ville Tiensuu
ked today and granted root > access. Can anybody help? We can give ssh access to attacked > machine, it seems to be serious ssh vulnerability. > > How can i contact openssh mnt? > > Thank you. > > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Usi

need help with openssh attack

2011-12-29 Thread Taz
Hello, we've got various debian servers, about 15, with different versions. All of them have been attacked today and granted root access. Can anybody help? We can give ssh access to attacked machine, it seems to be serious ssh vulnerability. How can i contact openssh mnt? Thank you. -

Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

2009-06-30 Thread Russ Allbery
Sam Kuper writes: > 2009/6/30 Nico Golde > >> http://security-tracker.debian.net/tracker/CVE-2008-5161 > Ouch! I agree with the note. My understanding is that you then terminate the connection you're attacking as part of the attempt to recover the cleartext unless you happen to succeed. I thi

Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

2009-06-30 Thread Sam Kuper
2009/6/30 Nico Golde > > Hi, > * Niko Thome [2009-06-30 11:47]: > > I stumbled upon a vulnerability in OpenSSH reported back in November > > 2008. http://www.securityfocus.com/bid/32319 > > > > I was a bit concerned about that flaw, and tried to find out if

Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

2009-06-30 Thread Nico Golde
Hi, * Niko Thome [2009-06-30 11:47]: > I stumbled upon a vulnerability in OpenSSH reported back in November > 2008. http://www.securityfocus.com/bid/32319 > > I was a bit concerned about that flaw, and tried to find out if it is > fixed due a backport of some openSSH 5.2 upstr

Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

2009-06-30 Thread Niko Thome
Hello List, I stumbled upon a vulnerability in OpenSSH reported back in November 2008. http://www.securityfocus.com/bid/32319 I was a bit concerned about that flaw, and tried to find out if it is fixed due a backport of some openSSH 5.2 upstream code. But I didn't find neither a bug nor

Re: [SECURITY] [DSA 1638-1] New openssh packages fix denial of service

2008-09-16 Thread Florian Weimer
* Florian Weimer: > Debian-specific: no > It has been discovered that the signal handler implementing the login > timeout in Debian's version of the OpenSSH server uses functions which > are not async-signal-safe, leading to a denial of service > vulnerability (CVE-2008-41

Re: openssh remote upgrade procedure?

2008-05-26 Thread Alexandros Papadopoulos
tEmptyPasswords no PasswordAuthentication yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog no KeepAlive yes Subsystem sftp /usr/lib/openssh/sftp-server UsePAM no This is sshd_config now: Port 222 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key UsePriv

Re: openssh remote upgrade procedure?

2008-05-23 Thread Michael Stone
I'd suggest posting your sshd_config & your ssh -v output. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: openssh remote upgrade procedure?

2008-05-22 Thread Alexandros Papadopoulos
On Fri, May 23, 2008 at 12:28 AM, Karl Goetz <[EMAIL PROTECTED]> wrote: > On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote: >> Hi all, thanks for the suggestions so far. >> >> I talked local staff through backing up the sshd configuration file, >> p

Re: openssh remote upgrade procedure?

2008-05-22 Thread Karl Goetz
On Thu, 2008-05-22 at 07:49 +0100, Alexandros Papadopoulos wrote: > Hi all, thanks for the suggestions so far. > > I talked local staff through backing up the sshd configuration file, > purging the openssh-server package and then reinstalling openssh. > > I'm quite frustr

Re: openssh remote upgrade procedure?

2008-05-22 Thread Nicolas Rachinsky
* Alexandros Papadopoulos <[EMAIL PROTECTED]> [2008-05-22 07:49 +0100]: > 2. tail -f /var/log/auth.log on the server - staff reported no new > entries while I was attempting to login You can try to get more information by running sshd -d (stop the normal daemon before). Nicolas -- http://www.ra

Re: openssh remote upgrade procedure?

2008-05-21 Thread Alexandros Papadopoulos
Hi all, thanks for the suggestions so far. I talked local staff through backing up the sshd configuration file, purging the openssh-server package and then reinstalling openssh. I'm quite frustrated to say this didn't fix anything. Had exactly the same behaviour: debug1: Next auth

Re: openssh remote upgrade procedure?

2008-05-21 Thread Thomas Hochstein
Michel Messerschmidt schrieb: > 1) Create a new temporary keypair on a non-vulnerable system and >protect the key with a good passphrase. > 2) Install the temporary public key on the vulnerable system *before* >the upgrade. Because it is no weak key, it won't be blacklisted. >Note: Y

Re: Accepted openssh-blacklist 0.3 (source all)

2008-05-21 Thread Kees Cook
which means there wasn't a way to generate bad >> ones: >> > > It didn't before. At least not directly from ssh-keygen. > > It is so because It won't be standard compliant (the standard specify > that DSA must be 1024 bits). I don't know if Op

Re: Accepted openssh-blacklist 0.3 (source all)

2008-05-21 Thread Simon Valiquette
y from ssh-keygen. It is so because It won't be standard compliant (the standard specify that DSA must be 1024 bits). I don't know if OpenSSH will accept longer keylength (some implementation will certainly refuse It). Personnally, in situation when I really care, I like to simp

Re: Accepted openssh-blacklist 0.3 (source all)

2008-05-21 Thread Kees Cook
On Wed, May 21, 2008 at 07:07:34AM +0200, Vincent Bernat wrote: > OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees > Cook <[EMAIL PROTECTED]> disait: > > > * Add empty DSA-2048, since they weren't any bad ones. > > How is it possible? I could be mistaken, but prior to ope

Re: openssh remote upgrade procedure?

2008-05-20 Thread Michel Messerschmidt
try to utilise the simplest > of all, keyboard interactive authentication. I'd suspect breakage > between the new openssh daemon and the authentication mechanisms (PAM, > GSSAPI, you-name-it), but on two different distributions > simultaneously? Have you ever tested password aut

Re: Accepted openssh-blacklist 0.3 (source all)

2008-05-20 Thread Vincent Bernat
OoO En cette nuit nuageuse du mercredi 21 mai 2008, vers 01:32, Kees Cook <[EMAIL PROTECTED]> disait: > * Add empty DSA-2048, since they weren't any bad ones. How is it possible? Thanks. -- BOFH excuse #63: not properly grounded, please bury computer pgp3twM6bO48f.pgp Description: PGP sig

Re: openssh remote upgrade procedure?

2008-05-20 Thread Jim Popovitch
On Tue, May 20, 2008 at 6:38 PM, Kim N. Lesmer <[EMAIL PROTECTED]> wrote: > On Tue, 20 May 2008 20:45:20 +0100 > "Alexandros Papadopoulos" <[EMAIL PROTECTED]> wrote: > >> 3. Testing to see if you can still get on to a server is exactly what >> I would have done, if my connection had not been killed

Re: openssh remote upgrade procedure?

2008-05-20 Thread Kim N. Lesmer
fig and restart the daemon, with absolutely no change in > behavior. So at this point you cannot gain access on the machine at all using SSH, but you have a local staff with access. Make them purge (not just delete) the openssh-server, and re-install it. > a) How/why were my active connec

Re: openssh remote upgrade procedure?

2008-05-20 Thread Vincent Bernat
OoO En ce début de soirée du mardi 20 mai 2008, vers 21:45, "Alexandros Papadopoulos" <[EMAIL PROTECTED]> disait: > 3. Testing to see if you can still get on to a server is exactly what > I would have done, if my connection had not been killed by the server > itself a few seconds after upgrading

Re: openssh remote upgrade procedure?

2008-05-20 Thread Alexandros Papadopoulos
Unfortunately my question has still not been answered. 1. What's the information in /usr/share/doc/openssh-server that is so enlightening? I don't have access to a debian machine right now so would be nice to know. Tried downloading from http://packages.debian.org/etch/openssh-server t

Re: openssh remote upgrade procedure?

2008-05-20 Thread Karl Goetz
; the series of events: > + I enabled password authentication in sshd_config (PasswordAuthentication > yes) > + aptitude update && aptitude dist-upgrade, which updated the packages > and restarted the openssh daemon > + shortly thereafter my SSH connection was terminated >

Re: openssh remote upgrade procedure?

2008-05-20 Thread CaT
On Tue, May 20, 2008 at 08:20:04AM +0100, Alexandros Papadopoulos wrote: > + I enabled password authentication in sshd_config (PasswordAuthentication > yes) > + aptitude update && aptitude dist-upgrade, which updated the packages > and restarted the openssh daemon > + sh

Re: openssh remote upgrade procedure?

2008-05-20 Thread Michel Messerschmidt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexandros Papadopoulos said: > + I enabled password authentication in sshd_config > (PasswordAuthentication yes) > + aptitude update && aptitude dist-upgrade, which updated the packages > and restarted the openssh daemon >

Re: openssh remote upgrade procedure?

2008-05-20 Thread Rico Secada
ed in the other night and this was > the series of events: > + I enabled password authentication in sshd_config > (PasswordAuthentication yes) > + aptitude update && aptitude dist-upgrade, which updated the packages > and restarted the openssh daemon > + shortly thereaf

openssh remote upgrade procedure?

2008-05-20 Thread Alexandros Papadopoulos
(PasswordAuthentication yes) + aptitude update && aptitude dist-upgrade, which updated the packages and restarted the openssh daemon + shortly thereafter my SSH connection was terminated + I tried to login to the machine, but never got the chance: debug1: Host '[hostname.domainname]:222' is

Re: openssh lockup after blacklist hits

2008-05-20 Thread Michael Loftis
MaxStartups. --On May 20, 2008 4:15:33 PM +1000 CaT <[EMAIL PROTECTED]> wrote: I got connections from an unknown IP to openssh today. openssh logged: Public key ... blacklisted (see ssh-vulnkey(1)) 19 times, each time with a different key and then ssh would not respond any mo

Re: openssh lockup after blacklist hits

2008-05-20 Thread CaT
On Tue, May 20, 2008 at 12:52:54AM -0600, Michael Loftis wrote: > MaxStartups. Ah. That'd do it. First time I hit that. Thanks and sorry for the noise. On the down side it seems people are already starting to exploit the blacklisted keys. -- "Police noticed some rustling sounds from Linn's bo

openssh lockup after blacklist hits

2008-05-19 Thread CaT
I got connections from an unknown IP to openssh today. openssh logged: Public key ... blacklisted (see ssh-vulnkey(1)) 19 times, each time with a different key and then ssh would not respond any more and connections to it froze like so: $ ssh [EMAIL PROTECTED] -v OpenSSH_4.3p2 Debian-9etch1

RE: [SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness

2008-05-19 Thread Leonardo Naranjo
Hola: Por si les interesa, hay una alerta de seguridad en debian. Saludos Leonardo > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Fri, 16 May 2008 18:14:27 +0200 > Subject: [SECURITY] [DSA 1576-2] New openssh packages fix

RE: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-19 Thread Leonardo Naranjo
Hola: Por si les interesa, hay una alerta de seguridad en debian. Saludos Leonardo > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Wed, 14 May 2008 11:24:56 +0200 > Subject: [SECURITY] [DSA 1576-1] New openssh packages fix

openssh: working exploit on bugtraq

2008-05-15 Thread Christoph A.
http://www.securityfocus.com/archive/1/492112/30/0/threaded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread CaT
On Wed, May 14, 2008 at 07:33:43PM +0200, Jan Luehr wrote: > >To check all your own keys, assuming they are in the standard > >locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity): > > > > ssh-vulnkey > > I took a look at it and found two large blacklist containing lots of key

Re: openssl/openssh fixes for lenny (testing)

2008-05-14 Thread Noah Meyerhans
On Wed, May 14, 2008 at 10:39:10AM -0700, Harry Edmon wrote: > Are there any plans to issue the same openssl/openssh security fixes for > lenny has have been done for etch? OpenSSL has already been fixed in lenny. The openssh package containing ssh-vulkey should hit testing tomorrow

openssl/openssh fixes for lenny (testing)

2008-05-14 Thread Harry Edmon
Are there any plans to issue the same openssl/openssh security fixes for lenny has have been done for etch? -- Dr. Harry Edmon E-MAIL: [EMAIL PROTECTED] 206-543-0547[EMAIL PROTECTED] Dept of Atmospheric SciencesFAX:206-543-0308

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Jan Luehr
Hello, Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer: > Package : openssh > Vulnerability : predictable random number generator > Problem type : remote > Debian-specific: yes > CVE Id(s) : CVE-2008-0166 > > The recently announced vulnerability in Debian

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread CaT
On Wed, May 14, 2008 at 12:17:14PM +0200, Jan Luehr wrote: > > 1. Install the security updates > > > >This update contains a dependency on the openssl update and will > >automatically install a corrected version of the libss0.9.8 package, > >and a

Re: AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread José Santos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wolf Tony wrote: | Hi, | | you only need to do | | aptitude install openssh-server | | or | | apt-get install openssh-server | | Best regards | | Tony Wolf | That worked fine. Thank you. Kind regards - -- José Santos [EMAIL PROTECTED] -BEGIN

AW: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Wolf Tony
Hi, you only need to do aptitude install openssh-server or apt-get install openssh-server Best regards Tony Wolf -Ursprüngliche Nachricht- Von: Alvise Belotti [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 14. Mai 2008 12:20 An: José Santos Cc: debian-security@lists.debian.org

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Jan Luehr
Hello, Am Mittwoch, 14. Mai 2008 schrieb Florian Weimer: > Package : openssh > Vulnerability : predictable random number generator > Problem type : remote > Debian-specific: yes > CVE Id(s) : CVE-2008-0166 > 1. Install the security updates > >This upda

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread Alvise Belotti
MAIL PROTECTED] > | http://www.debian.org/security/ Florian Weimer > | May 14, 2008 http://www.debian.org/security/faq > | ---- > | > | Package: openssh > |

Re: [SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness

2008-05-14 Thread José Santos
| May 14, 2008 http://www.debian.org/security/faq | | | Package: openssh | Vulnerability : predictable random number generator | Problem type : remote | Debian-specific: yes | CVE Id(s

Openssh with chroot patch for sarge

2004-03-15 Thread Emmanuel Lacour
just the latest ssh from debian with the right patch from http://chrootssh.sourceforge.net/). Sarge: deb http://debian.home-dn.net/sarge openssh/ deb-src http://debian.home-dn.net/sarge openssh/ Woody: deb http://debian.home-dn.net/woody openssh/ deb-src http://debian.home-dn.net/woody o

Openssh with chroot patch for sarge

2004-03-15 Thread Emmanuel Lacour
just the latest ssh from debian with the right patch from http://chrootssh.sourceforge.net/). Sarge: deb http://debian.home-dn.net/sarge openssh/ deb-src http://debian.home-dn.net/sarge openssh/ Woody: deb http://debian.home-dn.net/woody openssh/ deb-src http://debian.home-dn.net/woody o

Re: OpenSSH in Woody

2003-09-25 Thread Andreas Barth
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: > Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before >

Re: OpenSSH in Woody

2003-09-25 Thread Andreas Barth
* Francois Sauterey ([EMAIL PROTECTED]) [030922 22:36]: > Le 13:56 22/09/03 -0400, George Georgalis nous a écrit : > ** Message d'origine ** > >Most of my debian installs took the recent ssh updates without a hiccup, > >but two of them deposited the file /etc/ssh/sshd_not_to_be_run before >

Re: OpenSSH in Woody

2003-09-24 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no

Re: OpenSSH in Woody

2003-09-24 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > and what's about ssh/potato ? > I don't see any thing about a new upgrade foir ssh in potato ? Potato is not anymore supported by debian security team, as you can read in the faq. t is unfortunate, I still have some systems running.. well.. thanks god no

Re: Newest OpenSSH advisory

2003-09-24 Thread Matt Zimmerman
On Wed, Sep 24, 2003 at 12:12:54PM +0300, Riku Anttila wrote: > According to http://www.openssh.com/txt/sshpam.adv there are multiple > vulnerabilities in the "new PAM code of Portable OpenSSH". > > It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I t

Re: Newest OpenSSH advisory

2003-09-24 Thread Matt Zimmerman
On Wed, Sep 24, 2003 at 12:12:54PM +0300, Riku Anttila wrote: > According to http://www.openssh.com/txt/sshpam.adv there are multiple > vulnerabilities in the "new PAM code of Portable OpenSSH". > > It sounds as if it's limited to versions 3.7p1 and3.7.1p1, but I t

  1   2   3   4   >