OpenSSL
Niels Dettenbach
nd at syndicat.com
Tue Apr 8 11:31:43 PDT 2014
Am Dienstag, 8. April 2014, 20:03:30 schrieb Harald Hanche-Olsen:
> But ssh does not use the openssl libraries, so there is no point, as
> this bug will not have exposed the ssh host keys.
hmm,
i'm not deep into the OpenSSH developement yet, but i thought that OpenSSH
does even use (or at least implements part of a current) OpenSSL?
ssh -v somehost:
...
OpenSSH_6.6, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to abc.de.tld [1.2.3.4] port 22.
debug1: Connection established.
...
But as far as i can read til now OpenSSH uses OpenSSL code not related to
TLS/SSL or the ASN.1 parser which is affected here - but yesterday and today
some distributors gave openssh updates in parallel regarding another security
hole in OpenSSH (i.e. Debian) including a new host key generation.
cheerioh,
Niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.macosforge.org/pipermail/macports-users/attachments/20140408/5a969ad3/attachment.sig>
More information about the macports-users
mailing list