On 08/19/2008 01:28 PM, Rod James Bio wrote: > It seems that the difference in package really did matter. > > apt-cache policy libssl0.9.8 > libssl0.9.8: > Installed: 0.9.8c-4 > Candidate: 0.9.8c-4etch3 > Version table: > 0.9.8c-4etch3 0 > 500 http://debian.savoirfairelinux.net stable/main Packages > 500 http://security.debian.org stable/updates/main Packages > *** 0.9.8c-4 0 > 100 /var/lib/dpkg/status > > Does anyone knows how to explain this. I'm pretty new to debian and > particulary linux. Thanks! To make a long story short: there's been a security issue of ssh on debian [1]. One of your machines appears to use the vulnerable version, the other one the updated one. For security reasons the updated version won't connect to or accept connections from insecure machines. Just update the vulnerable machine, follow the steps in [1] and you should be fine. Note that while debian is certainly more secure than many other OS, there are occasional security updates. In order to have a secure system, you should upgrade regularly (and check for upgrades). It also helps to subscribe to debian-security-announce. HTH, cheers, Johannes [1] http://www.debian.org/security/2008/dsa-1576
Attachment:
signature.asc
Description: OpenPGP digital signature