Thank you for that. Just so I have something concrete: We do _not_ need to update SSH Host keys, correct?
-Mathew "When you do things right, people won't be sure you've done anything at all." - God; Futurama "We'll get along much better once you accept that you're wrong and neither am I." - Me On Tue, May 13, 2014 at 10:06 AM, Robert Hajime Lanning <[email protected]>wrote: > SSH is not affected by the Heartbleed bug. > > Heartblead is a vulnerability in the implementation of SSL/TLS protocol, > not the actual encryption. > > SSH is it's own protocol. The only OpenSSL calls are for libcrypt.so, not > libssl.so. > > There is no such thing as an SSL Heartbeat in SSH. > > > On 05/13/14 12:57, Mathew Snyder wrote: > >> SSH.com states that SSH is _not_ affected by the bug. I haven't found >> anything regarding openSSH, though. >> >> We are currently in a discussion as to whether or not we should be >> updating the host keys across our entire enterprise. If SSH doesn't use >> TLS, which the bug affects, is it necessary to replace the host keys? >> > > -- > Mr. Flibble > King of the Potato People > http://www.linkedin.com/in/RobertLanning > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ >
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
