If you’re running debian or ubuntu, your ssh keys are vulnerable. Follow these steps to regenerate them and secure your box back up.

apt-get update  
apt-get upgrade  
cd /etc/ssh/  
rm ssh_host_dsa_key  
rm ssh_host_dsa_key.pub  
rm ssh_host_rsa_key  
rm ssh_host_rsa_key.pub  
ssh-keygen -t dsa (filename as /etc/ssh/ssh_host_dsa_key)  
ssh-keygen -t rsa (filename as /etc/ssh/ssh_host_rsa_key)  
/etc/init.d/ssh restart

Comments

Comment by Christopher DeMarco on 2008-05-15 15:11:28 -0500

This only fixes connections from this host to others. Inbound connections are still problematic!

You need to edit your /etc/ssh/sshd_config file, and set these options:

RSAAuthentication no
PubkeyAuthenticatio no

Then remove the .ssh/authorized_keys and authorized_keys2 files in EVERY USER’s HOME DIRECTORY. (cut -d: -f6 < /etc/passwd) .

After that, you can flip those sshd_config options back on.

NOW you’re safe!