Forum: ocamlcore.org-ssh-ssl-key-update-and-gforge-upgrade
Posted by: Sylvain Le Gall

On 2008/05/14, a grave bug in the Debian OpenSSL package was discovered. This implies that every SSH key and SSL certificate generated since 2006 is weak.

As of today, we have secured the certificates on the ocamlcore.org site. In particular, the new fingerprints are:

SSH DSA key fingerprint of forge.ocamlcore.org
39:70:8d:ed:09:db:79:46:f5:2e:5d:a9:6c:28:a1:73

SSH RSA key fingerprint of forge.ocamlcore.org
07:e8:ea:4f:ed:4f:62:a6:c5:66:78:5b:b3:bb:00:36

SHA1 SSL certificate fingerprint of forge.ocamlcore.org
13:37:45:AE:5A:F4:6F:5E:EA:37:BF:A3:DA:B3:D7:55:E8:BE:1E:B1

Every user's SSH key should be updated if it is a weak key. Use "ssh-keyvuln" in the latest openssh Debian package to check whether your key is weak or not.

For now, the security setup of ocamlcore.org makes brute-force attacks complicated (DenyHost will forbid too many authentication failures, which makes brute-force attacks a little bit more complicated -- though not impossible). So we will let people connect using their key until the end of the week.

After 2008/05/17, we will enable the OpenSSH weak key blacklist, which will prevent any connection using a weak key. You should have updated your key before this date.

-- GForge upgrade --

On 2008/05/15, in the morning, a security update of GForge was installed automatically. This update broke some parts of the ocamlcore.org configuration, which brought down the HTTP server.

The site is now back online, but projects should check that everything is correct on their side (e.g. that their CVS/SVN is not broken).

This GForge update has led to an update of the chroot that we have customized over time. We have checked everything against the last backup of the chroot, but it is better to double check. In particular, the chroot contains CVS/SVN files.

We are sorry for the delay, which is mainly due to getting a new SSL certificate from our certificate authority (which is actually under a heavy load due to the SSL security issue).
The OCamlCore.org Team.

The signed version of this document, with Sylvain Le Gall's GPG key:
https://forge.ocamlcore.org/docman/view.php/1/3/announce-upgrade.txt.asc
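
One way to check a host key line (for instance, one taken from known_hosts) against the SSH fingerprints published above, as an added example that is not part of the original announcement. The function names are hypothetical and the sample RSA key is constructed, so it is expected not to match.

```python
import base64, hashlib, hmac, struct

# SSH host key fingerprints from the announcement (legacy MD5 colon-hex form).
PUBLISHED = {
    "ssh-dss": "39:70:8d:ed:09:db:79:46:f5:2e:5d:a9:6c:28:a1:73",
    "ssh-rsa": "07:e8:ea:4f:ed:4f:62:a6:c5:66:78:5b:b3:bb:00:36",
}

def _ssh_string(data):
    """Length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line):
    """Return (key_type, blob) from an OpenSSH 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own type string; reject a line whose label disagrees.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def md5_fingerprint(blob):
    """MD5 over the raw key blob, printed as 16 colon-separated hex bytes."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob):
    """The form current OpenSSH prints by default, for comparison."""
    raw = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")

def matches_published(line, published=PUBLISHED):
    """True only if the key's MD5 fingerprint equals the published one."""
    key_type, blob = parse_pubkey_line(line)
    expected = published.get(key_type)
    if expected is None:
        return False
    return hmac.compare_digest(md5_fingerprint(blob), expected.lower())

def constructed_rsa_line():
    """Constructed sample key (not the real forge.ocamlcore.org host key)."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 32))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(matches_published(constructed_rsa_line()))
```
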
