In light of the not-so-recent news regarding the vulnerability of OpenSSH in Debian, many systems have had to be patched and inter-machine keys changed.
Via Steven Rosenberg's site I learn that a simple 'apt-get update && apt-get dist-upgrade'
will update the necessary files on my system. Also in the blog entry is a reference to
DroneBL, which is another blacklist site dealing with root-compromised sites. A commenter
posts the following interesting remarks about further protecting a server:
If you aren't running fail2ban or denyhosts, you should. Both will detect brute force
attempts and deny connections from the attacker for a time. If you feel uncomfortable
automatically banning hosts for failed logins, you can weakly configure whichever you choose
to allow 20 or more failed attempts before banning. There's no reason any authenticated
service should tolerate brute force attempts, in my humble opinion.
Finally, there are services, such as the DroneBL dnsbl, which have honeypot servers set
up to detect brute force attempts and add them to a blacklist. You can use the "aclexec"
directive in hosts.deny to query these blacklists before allowing clients to connect, to
prevent connections from known brute force attackers. See http://headcandy.org/rojo/ for a
suitable script to call via aclexec (view the source for the checkdnsbl script for usage
instructions), and see the man page for hosts_options for more info.
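The DNSBL lookup the commenter describes, sketched as an added example (this is not the checkdnsbl script from headcandy.org and not part of the original post). The function names, the fail-open behaviour and the exit-status convention are assumptions made for illustration; the query name follows the usual DNSBL convention of reversed address labels plus the zone.

```python
#!/usr/bin/env python3
"""DNSBL lookup helper for a tcp_wrappers aclexec rule (added example)."""
import ipaddress
import socket
import sys

ZONES = ("dnsbl.dronebl.org",)  # DroneBL's DNSBL zone; add others as needed


def dnsbl_query_name(ip, zone):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_listed(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return the first zone that lists ip, or None.

    A listing is an A record inside 127.0.0.0/8. Lookup failures (NXDOMAIN,
    timeouts) count as "not listed" so a DNS outage cannot lock out SSH.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # tcp_wrappers could not supply a usable address
    if addr.is_private or addr.is_loopback:
        return None  # never ask a public DNSBL about internal clients
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
        except (OSError, ValueError):
            continue  # fail open for this zone
        if answer in ipaddress.ip_network("127.0.0.0/8"):
            return zone
    return None


if __name__ == "__main__":
    # Assumed convention: exit 0 when listed, 1 otherwise. Check
    # hosts_options(5) for how aclexec interprets the exit status.
    client = sys.argv[1] if len(sys.argv) > 1 else ""
    sys.exit(0 if is_listed(client) else 1)
```
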
Running 'ssh-vulnkey -a' showed that there were a couple keys that needed to be
deleted and/or redone.
Debian has a wiki with good information regarding the problem, affected programs, and
utilities to help determine where the problems are.
If weak keys have been copied to other non-Debian hosts, the keys need to be removed
from those hosts as well.