Difference between revisions of "Debian OpenSSL"

From YobiWiki
Jump to navigation Jump to search
m
m
Line 31: Line 31:
 
sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb
 
sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb
 
Now you have openvpn-vulnkey tool
 
Now you have openvpn-vulnkey tool
  +
===Others===
  +
* [http://wiki.debian.org/SSLkeys#head-860f44b5b39b7db798a5f48162f2f253ad68d650 encfs]
  +
** My key is older, ouf!

Revision as of 11:55, 16 May 2008

This is a compilation of my notes on this matter

Links

misc

OpenSSH

Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client
This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe

OpenSSL

wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz
cd openssl-blacklist-0.1
Edit debian/control and cleans the dependence on openssl for Ubuntu
fakeroot debian/rules binary
cd ..
sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb

Now you have openssl-vulnkey tool

OpenVPN

It's not about the SSL keys, those can be checked with openssl-vulnkey.
It's about the shared static keys (openvpn -genkey)

wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz
cd openvpn-blacklist-0.1
fakeroot debian/rules binary
cd ..
sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb

Now you have openvpn-vulnkey tool

Others

  • encfs
    • My key is older, ouf!