Changed SSH Keys at SilverFir.net Domains
Don’t worry, there isn’t a man-in-the-middle attack going on — rather, the recent news about a large security hole in all Debian-based systems spooked me enough to regenerate all of the SSH keys.
Don’t worry, there isn’t a man-in-the-middle attack going on — rather, the recent news about a large security hole in all Debian-based systems spooked me enough to regenerate all of the SSH keys.
May 24th, 2008 at 01:01:10 am
I heard about this at about the same time you posted. I saw a Ubuntu package update mentioning something about a ssh key blacklist and decided to investigate. I’m glad this issue is fixed, but am growing increasingly concerned about ssh brute forcing. Maybe it is time to go to pre-shard keys only for SSH access on silverfir? Another alternative would be some form of increasing delay script when an ip fails an authentication attempt?
I’ve also heard about an increasing number of SQL injection attacks. It probably makes sense to look into the mysql configuration at some point. I’m pretty busy atm, but would you want to jointly tackle this after that whole graduation thing?