maemo.org - Talk


ldrn 2008-05-13 19:32

Does the severe Debian OpenSSH security bug affect the tablets?
 
I saw this on Slashdot and have been busy regenerating all my SSH keys all morning:
http://lists.debian.org/debian-secur.../msg00152.html

I thought my tablet would be affected as well, as the version of OpenSSH shipped is high enough to have been vulnerable, but when I ran its server keys through the ssh-vulnkey tool, they came out as okay. The public keys I replaced as a matter of course.

Is the IT version of OpenSSH not based on Debian's?

sjgadsby 2008-05-13 19:33

Re: Does the severe Debian OpenSSH security bug affect the tablets?
 
Well, they might be affected...

fnordianslip 2008-05-13 20:17

Re: Does the severe Debian OpenSSH security bug affect the tablets?
 
Quoting myself (http://www.internettablettalk.com/fo...&postcount=413) and Bundyo (http://www.internettablettalk.com/fo...&postcount=414) from elsewhere:

Quote:

Originally Posted by fnordianslip (Post 181165)
The chinook openssl package seems to be from an earlier version (0.97e-4) than that (0.9.8c-1) affected by the bug (http://article.gmane.org/gmane.linux....announce/1614), but I'm not entirely sure, as I haven't seen the source. fnord.

Quote:

Originally Posted by Bundyo (Post 181169)
Yes, Diablo's libssl and libcrypto are versioned 0.9.8

So, YMMV.

jackass124 2008-05-13 20:19

Re: Does the severe Debian OpenSSH security bug affect the tablets?
 
Quick question: if I wanna do remote desktop over the web from N800 to PC, is it essential to use OpenSSH to maximize security? Would you guys recommend it?

Thanks!

ldrn 2008-05-13 20:54

Re: Does the severe Debian OpenSSH security bug affect the tablets?
 
Thanks! I must have misread the version number; that explains why the server keys were good. What a good thing.

Jackass124: I would, especially if you are going to be entering in passwords and so on. Unlike VNC, remote desktop does have encryption, but all versions prior to 6 are vulnerable to a man-in-the-middle attack, and I am not sure if using the rdesktop client makes you immune.

fnordianslip 2008-05-13 21:28

Re: Does the severe Debian OpenSSH security bug affect the tablets?
 
jackass124: if you're running Windows on the PC then I'd use WinSCP and/or PuTTY to access the N800. I don't know if there's an easy way to do it the other way round - I suppose you'd have to use Samba. WinSCP and PuTTY use SSH and are as secure as it gets (unless you're running Debian/Ubuntu, I suppose). Besides, with SSH you get a choice of crypto algorithms, SCP and SFTP for file transfers, and the ability to create tunnels or secure SOCKS proxies. All good stuff really.


All times are GMT.