[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new host key?: Re: compromise of gluck.debian.org, lock down of other debian.org machines

Osamu Aoki <osamu@debian.org> writes:

> PS: It would have been nicer if old hosk identification was backuped and
> used in new system.

Well, not if the system had a root compromise.  The attacker must be
assumed to have the private host key, which means that reusing the same
key would allow them to attack future ssh connections to the system.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: