Dreamhost affected by OpenSSL bug?


#1

Was Dreamhost affected by this or is there nothing to worry about?

Title: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
URL: http://lists.debian.org/debian-security-announce/2008/msg00152.html


#2

No. From your link:

And from the wiki for Debian:

-Scott


#3

Though this is too much for me to understand, I’m glad that we are safe here :slight_smile:



#4

If you want to check your OpenSSL version, use the Unix command “openssl version”. My server is running 0.9.7e.



#5

Should Dreamhost install and run the following and then notify
affected users of the results? Or am I just overreacting: even if they
have bad keys, because Dreamhost has good systems, it doesn’t matter?

ssh-vulnkey checks a key against a blacklist of compromised keys.

-a Check keys of all users on the system. You will typically need
to run ssh-vulnkey as root to use this option. For each user,
ssh-vulnkey will check ~/.ssh/id_rsa, ~/.ssh/id_dsa,
~/.ssh/identity, ~/.ssh/authorized_keys and
~/.ssh/authorized_keys2. It will also check the system’s host
keys.
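
The check that the ssh-vulnkey excerpt above describes, sketched as an added example (not part of the original post and not ssh-vulnkey's own code): it fingerprints each key in an authorized_keys file and looks it up in a blacklist. The blacklist entry format (MD5 fingerprint of the key blob with the first 12 hex digits dropped) is an assumption, and the key blobs, blacklist and sample file are constructed.

```python
import base64
import hashlib
import re
import struct

# Key type followed by its base64 blob; any options before the type are skipped.
KEY_RE = re.compile(r"\b(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})")

def fingerprint_tail(blob: bytes) -> str:
    """MD5 of the public-key blob minus the first 12 hex digits
    (assumed blacklist line format)."""
    return hashlib.md5(blob).hexdigest()[12:]

def scan_authorized_keys(text: str, blacklist: set) -> list:
    """Return (line_number, key_type, status) for every non-comment line."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            results.append((n, None, "unparsed"))
            continue
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            results.append((n, m.group(1), "unparsed"))
            continue
        hit = fingerprint_tail(blob) in blacklist
        results.append((n, m.group(1), "COMPROMISED" if hit else "not blacklisted"))
    return results

def fake_blob(key_type: str, modulus: bytes) -> bytes:
    """Constructed stand-in with the length-prefixed layout of a key blob
    (not a usable key)."""
    parts = [key_type.encode(), b"\x01\x00\x01", modulus]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

# Constructed sample data: one "known weak" key, one other key, one damaged line.
WEAK = fake_blob("ssh-rsa", b"\x00" + b"\xaa" * 32)
GOOD = fake_blob("ssh-rsa", b"\x00" + b"\xbb" * 32)
BLACKLIST = {fingerprint_tail(WEAK)}
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    "ssh-rsa " + base64.b64encode(WEAK).decode() + " alice@laptop",
    'from="10.0.0.*",no-pty ssh-rsa ' + base64.b64encode(GOOD).decode() + " bob@desk",
    "ssh-rsa not-base64 carol@old",
])

if __name__ == "__main__":
    for line_no, key_type, status in scan_authorized_keys(SAMPLE, BLACKLIST):
        print(f"line {line_no}: {key_type}: {status}")
```

A line reported as "unparsed" has not been cleared; it still needs a manual look.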


#6

I was right: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483756
I’ll notify security to have them scan for open doors.