On 05/13/2014 01:29 PM, Brandon Allbery wrote: > > On Tue, May 13, 2014 at 4:21 PM, David Nolan > <[email protected] <mailto:[email protected]>> > wrote: > > While SSH is not affected directly by the heartbleed bug, if you > have a server that was affected by the heartbleed bug there is some > risk that the SSH private key may have been exposed. > > > This requires that you somehow got the ssh private key into the memory > of an SSL-using process. I would argue that if that was possible, you > already had a pretty significant security hole.
The only possibility I can think of is if you're using HTTPS as a way of distributing SSH private keys. I've never heard of anyone doing such a thing, but I suppose someone's probably tried it. Skylar _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
