Re: openssh remote upgrade procedure?

To: debian-security@lists.debian.org
Subject: Re: openssh remote upgrade procedure?
From: Thomas Hochstein <ml@ancalagon.inka.de>
Date: Wed, 21 May 2008 16:56:18 +0200
Message-id: <[🔎] lds.0805211656.1954@windlord.akallabeth.de>
References: <avust-6uN-5@gated-at.bofh.it> <avzLr-8u-5@gated-at.bofh.it> <avG0H-3KE-33@gated-at.bofh.it> <avQt7-8rC-11@gated-at.bofh.it>

Michel Messerschmidt schrieb:

> 1) Create a new temporary keypair on a non-vulnerable system and 
>    protect the key with a good passphrase.
> 2) Install the temporary public key on the vulnerable system *before* 
>    the upgrade. Because it is no weak key, it won't be blacklisted.
>    Note: You rely on the pasphrase protection of the key, because you 
>    currently have no secured connection to the vulnerable system.

I don't understand that remark. You have to put the *public* key on
the vulnerable system - that key does not need any protection, as it
is, indeed, public.

-thh

Reply to:

Prev by Date: Hear her screaming your name in pleasure!
Next by Date: Re: openssh remote upgrade procedure?
Previous by thread: Re: openssh remote upgrade procedure?
Next by thread: Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Index(es):
- Date
- Thread