Blog Tags: 
ssh
security
announcement
ecdsa

Security update regenerates stale SSH ECDSA host key

Liraz Siri - Wed, 2014/08/13 - 19:31 - 17 comments

Peter Lieven from KAMP.de discovered a problem with TurnKey 13.0 where the OpenSSH ECDSA key is not regenerated on firstboot like the RSA and DSA host keys.

We've issued a signed hotpatch to TurnKey Core 13.0 that regenerates the ECDSA SSH host key. TurnKey deployments that have not disabled automatic security updates (it's on by default) will have their ECDSA SSH host key regenerated automatically within the next 24 hours.

Read more and discuss
Blog Tags: 
ssh
admin

SSH session slow to start? It's the DNS stupid!

Liraz Siri - Mon, 2010/03/08 - 13:10 - 2 comments

Ever tried logging into a machine with ssh and found you have to wait much longer than reasonable for the session to start? This happened to me a few times and was especially annoying with machines on my local network (or a VM attached to a virtual network) that should be letting me in immediately.

Read more
Blog Tags: 
ssh
admin
security
ssl

We don't need no stinking SSL

Liraz Siri - Mon, 2010/02/15 - 08:34

Why we disabled SSL and use an SSH tunnel for web site administration

Content managements systems like the one we're using for the web site (Drupal) need to provide a privileged administration interface which you usually want to access securely. Due to the insecure nature of the Internet, it's reasonable to assume your traffic may be intercepted at some point. So how do you prevent that?

Up until recently, we used SSL. You could access the web site from both:

Unfortunately, as the site grew in complexity this created a range of subtle but annoying paper-cut type problems.

Read more and discuss