SSH is not affected by the Heartbleed bug.
Heartblead is a vulnerability in the implementation of SSL/TLS protocol,
not the actual encryption.
SSH is it's own protocol. The only OpenSSL calls are for libcrypt.so,
not libssl.so.
There is no such thing as an SSL Heartbeat in SSH.
On 05/13/14 12:57, Mathew Snyder wrote:
SSH.com states that SSH is _not_ affected by the bug. I haven't found
anything regarding openSSH, though.
We are currently in a discussion as to whether or not we should be
updating the host keys across our entire enterprise. If SSH doesn't use
TLS, which the bug affects, is it necessary to replace the host keys?
--
Mr. Flibble
King of the Potato People
http://www.linkedin.com/in/RobertLanning
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
