[TriLUG] Heartbleed SSL vuln: regenerate your ssh host keys?
Daniel Sterling
sterling.daniel at gmail.com
Mon Apr 7 22:54:25 EDT 2014
>From what I understand, CVE-2014-0160 means that if you were running an
affected version of OpenSSL, any app using the library to receive SSL
connections could have 64k of its memory read at a time by a remote
attacker. Over time, this means all the memory in the app could be read.
For ssh, this means at least exposing your ssh host private key, which will
be in openssl's memory.
Private auth keys will probably not be in the memory of the process the
attacker could read, so they should be safe.
To prevent the possibility of mitm attacks being able to decrypt your ssh
traffic, you'll want to regenerate your ssh host keys after you upgrade
OpenSSL.
-- Dan
More information about the TriLUG
mailing list