Re: HEAD's UP: possible 0day SSH exploit in the wild

To: debian-security@lists.debian.org
Subject: Re: HEAD's UP: possible 0day SSH exploit in the wild
From: Peter Jordan <usernetwork@gmx.info>
Date: Fri, 10 Jul 2009 19:44:53 +0200
Message-id: <[🔎] h37umm$nia$1@ger.gmane.org>
In-reply-to: <[🔎] 87ws6gih7f.fsf@windlord.stanford.edu>
References: <[🔎] 20090708143825.GF2565@gamma.logic.tuwien.ac.at> <[🔎] 5344ee8d0907080814x1a155b54n8298267c13b5b86d@mail.gmail.com> <[🔎] 235a4bf70907080933i33b77b67t4f72e489313e26a1@mail.gmail.com> <[🔎] f971bab40907080937v33884e78nce8291d34140f3de@mail.gmail.com> <[🔎] 235a4bf70907081403s7e2b9aadpa1d21e289d940211@mail.gmail.com> <[🔎] 20090708211330.GR16064@morgul.net> <[🔎] h340h6$aik$1@ger.gmane.org> <[🔎] 87fxd5kie1.fsf@windlord.stanford.edu> <[🔎] h354au$nf9$1@ger.gmane.org> <[🔎] 20090709160454.GS16064@morgul.net> <[🔎] h359vf$g9v$1@ger.gmane.org> <[🔎] 87iqi1bspm.fsf@windlord.stanford.edu> <[🔎] h35evp$voi$1@ger.gmane.org> <[🔎] 9l3a95ve88.fsf@not-invented-here.oucs.ox.ac.uk> <[🔎] h35heg$8fa$1@ger.gmane.org> <[🔎] 87my7dab3d.fsf@windlord.stanford.edu> <[🔎] h35iig$btq$1@ger.gmane.org> <[🔎] 87prc98o0h.fsf@windlord.stanford.edu> <[🔎] h3753t$4nh$1@ger.gmane.org> <[🔎] 8763e0r4nh.fsf@windlord.stanford.edu> <[🔎] h37sac$g2g$1@ger.gmane.org> <[🔎] 87ws6gih7f.fsf@windlord.stanford.edu>

Russ Allbery, Fri Jul 10 2009 19:24:52 GMT+0200 (CEST):
> Peter Jordan <usernetwork@gmx.info> writes:
>> Russ Allbery, Fri Jul 10 2009 16:31:14 GMT+0200 (CEST):
> 
> 
>> But for new installations a change is not a bad idea?
> 
> Yeah, for new installations it's generally best to start the master key
> at the strongest supported key type.  MIT 1.7 supports rekeying, though,
> which makes things much simpler.
> 
> 
>> How can i see that the change has worked?
> 
> klist -e will show you the enctypes of the tickets in your cache.  You
> can also check the enctypes of the tickets issued by the KDC in the KDC
> logs, although those are numeric and a bit less easy to understand.
> 

hmmm, although i have set supported enctypes
	supported_enctypes = aes256-cts:normal
and restarted kdc nothing seens to have changed.

After calling "kinit" klist -5e show me:
Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc
mode with HMAC/sha1

PJ

Reply to:

Follow-Ups:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>

References:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Norbert Preining <preining@logic.at>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Rafael Moraes <rafael@bsd.com.br>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Roger Bumgarner <roger.bumgarner@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Jim Popovitch <jimpop@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Roger Bumgarner <roger.bumgarner@gmail.com>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Noah Meyerhans <noahm@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Noah Meyerhans <noahm@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: pod <pod@herald.ox.ac.uk>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Peter Jordan <usernetwork@gmx.info>
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Previous by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Next by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Index(es):
- Date
- Thread