Issue 89461 - Replace compromised SSH key for user hatapitk
Summary: Replace compromised SSH key for user hatapitk
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Infrastructure
Component: Website general issues (show other issues)
Version: current
Hardware: All All
: P2 Trivial (vote)
Target Milestone: ---
Assignee: louis suarez-potts
QA Contact: issues@www
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-14 13:08 UTC by hatapitk
Modified: 2008-11-07 22:05 UTC (History)
2 users (show)

See Also:
Issue Type: TASK
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
New SSH2 public key (598 bytes, application/octet-stream)
2008-05-14 13:10 UTC, hatapitk 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description hatapitk 2008-05-14 13:08:48 UTC 
Due to a bug in the openssl library shipped in Debian
  http://www.debian.org/security/2008/dsa-1571
  http://www.ubuntu.com/usn/usn-612-2
all SSH keys generated on recent Debian and Ubuntu systems are so weak that they
should be considered compromised. Since I have generated my SSH key on such
system, it should be revoked and replaced with a new one.

Fingerprint of the compromised key is
  5f:15:b3:9d:95:d7:90:24:8b:ba:ac:bf:e7:5b:b1:b2
Fingerprint of the new, valid key that I will attach to this issue is
  a3:f3:c4:27:57:e4:ec:ba:71:b1:3a:64:5d:6b:9c:9c

Since this bug has been in Debian and Ubuntu releases for slightly over a year,
it is likely that there are other similarly weak keys installed on OOo servers.
It might make sense to scan for them using some of the published tools (more
information in the security advisories linked above).
Comment 1 hatapitk 2008-05-14 13:10:33 UTC 
Created attachment 53622 [details]
New SSH2 public key
Comment 2 stx123 2008-05-16 12:18:48 UTC 
Hi, Your new key is in place. Please confirm. Thanks, Stefan.
Comment 3 hatapitk 2008-05-17 07:25:53 UTC 
Confirmed, the new key works properly. Thanks!
Comment 4 stx123 2008-05-17 09:21:22 UTC 
thanks for the confirmation...
Comment 5 Mechtilde 2008-11-07 22:05:43 UTC 
.