Ubuntu Blog – Latest informations

How to patch Ubuntu OpenSSL and OpenSSH vulnerabilities


I’m sure you’ve heard by now that there is a reported vulnerability in OpenSSL and OpenSSH. For now this applies to Debian and its variants (i.e. Ubuntu).

This is a very serious issue, so it should be corrected as soon as possible.

Follow the instructions below to protect your machines running Debian and Ubuntu from this vulnerability.

Run the following commands to find out if you are affected:

wget -c http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
gunzip dowkd.pl.gz
chmod u+x dowkd.pl
./dowkd.pl user
./dowkd.pl host hostname

If either of the last two commands above shows something like the following:

.ssh/id_dsa.pub:1: weak key

… then you are affected. If no “weak key” is reported, you are OK.

Otherwise, follow the steps below:

To install the updates, run the following commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

You should see updated openssl and openssh packages (along with everything else available).

After installing the new packages, regenerate the keys that you have generated (i.e. OpenSSH keys, CA certs, etc.).

To generate a new OpenSSH user key (this is only necessary if ./dowkd.pl user reports a weak key):

ssh-keygen -t dsa -b 1024

To generate a new OpenSSH server key (this is only necessary if ./dowkd.pl host hostname reports a weak key):

sudo rm /etc/ssh/ssh_host_{dsa,rsa}_key*
sudo dpkg-reconfigure -plow openssh-server

Now run the validation script again and make sure that it reports no errors. If you still see warnings such as:

.ssh/authorized_hosts:1: weak key

… this means that keys you have stored are still affected, in this case in the file authorized_hosts. The easiest way to solve this problem is the following:

rm ~/.ssh/authorized_hosts

The deleted file is re-created the next time it is needed. Alternatively, you can delete just the affected line from the file using your favorite text editor. The line is indicated by the trailing “:1”, which is the line number within the file.

Keep running the ./dowkd.pl script for as long as weak keys are reported.
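As an alternative to editing by hand, the following added example (not part of the original post or of dowkd) deletes only the reported lines from each affected file and keeps a .bak copy. It assumes the report format shown above, FILE:LINE: weak key; the function name prune_weak_lines and the sample keys are made up for illustration.

```shell
#!/bin/sh
# Added example: delete only the lines a dowkd-style report flags.
# Assumed report format, as shown on this page: "FILE:LINE: weak key".

prune_weak_lines() {
    # Reads the report on stdin; prints the number of files it rewrote.
    list=$(mktemp) || return 1
    awk '/:[0-9]+: weak key$/ {
             sub(/: weak key$/, "")
             n = $0; sub(/^.*:/, "", n)        # digits after the last colon
             f = $0; sub(/:[0-9]+$/, "", f)    # path before that colon
             print f "\t" n
         }' | sort -u > "$list"
    cut -f1 "$list" | sort -u > "$list.files"
    pruned=0
    while IFS= read -r file; do
        if [ ! -f "$file" ]; then
            echo "skipping missing file: $file" >&2
            continue
        fi
        # One sed script per file ("1d", "3d", ...) so that deleting an
        # earlier line never shifts the number of a later one.
        script=$(awk -F'\t' -v f="$file" '$1 == f { print $2 "d" }' "$list")
        cp -p "$file" "$file.bak" || return 1
        sed -e "$script" "$file.bak" > "$file" || return 1
        pruned=$((pruned + 1))
    done < "$list.files"
    rm -f "$list" "$list.files"
    echo "$pruned"
}

# Demo on constructed data (fake keys in a temporary directory).
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAweak1 old@host' 'ssh-rsa AAAAgood new@host' \
    'ssh-dss AAAAweak2 old@laptop' > "$demo_dir/authorized_hosts"
printf '%s\n' "$demo_dir/authorized_hosts:1: weak key" \
    "$demo_dir/authorized_hosts:3: weak key" | prune_weak_lines >/dev/null
cat "$demo_dir/authorized_hosts"
rm -rf "$demo_dir"
```

Save the output of the check script to a file and feed that file to prune_weak_lines on standard input, then run the check again to confirm nothing is still reported.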




This entry was posted on October 12, 2010.