It was recently discovered that Debian Linux had modified SSL encryption to inadvertently generate weak keys from 2006 until very recently. SSH on DragonFly now includes a tool to check for this issue, and will deny people using those weak keys.
2 Replies to “SSH security changes”
Comments are closed.
I think the Debian developers actually modified the OpenSSL package, which is used by OpenSSH (the post says “[…] had modified SSH […]”). It didn’t sound like any direct modifications to the OpenSSH package contributed to the problem. The “Debian: Guaranteed Entropy” picture is awesome, though. lol
Yeah, good point – I changed the wording to match.