SSH security changes

It was recently discovered that Debian Linux had modified SSL encryption to inadvertently generate weak keys from 2006 until very recently. SSH on DragonFly now includes a tool to check for this issue, and will deny people using those weak keys.

Posted by     Categories: Committed Code     2 Comments
2 Comments on SSH security changes


  1. Matt says:

    I think the Debian developers actually modified the OpenSSL package, which is used by OpenSSH (the post says “[…] had modified SSH […]”). It didn’t sound like any direct modifications to the OpenSSH package contributed to the problem. The “Debian: Guaranteed Entropy” picture is awesome, though. lol

  2. justin says:

    Yeah, good point – I changed the wording to match.