Re: Probable SSH Vulnerability

[Florian Weimer <fw@deneb.enyo.de>]

Tim Peeler <thp@linux00.LinuxForce.net> writes:

> I've done some research and have seen reports on several "kits"
> available to exploit the SSH1 protocol.

Can you send me a few links?  I can only remember attacks which
required (a) eavesdropping, (b) huge amounts of traffic (you would
have noticed it), (c) or cooperation of the user (not checking server
fingerprints) and traffic redirection using DNS.

>> manipulation capabilities.  If the edge networks are trustworthy, you
>> face a very powerful adversary.  Why do you think you are so special?
>
> Does there have to be a reason?  How about: some script kiddie

As I wrote in my other message, WAN eavesdropping is not exactly the
thing script kiddies do.

> We are still looking at a problem with SSH2 as well, since at least
> one of the servers that was attacked used only SSH2.  The attack
> on these servers could have been due to a stolen key, but not likely.

You should try to obtain Debian media in known-good state and
reinstall from scratch.  Be very careful when restoring the backup...