[Nevis-linux] ssh keys

William Seligman seligman at nevis.columbia.edu
Mon Oct 6 12:52:06 EDT 2008


If you don't know what an "ssh key" is, or you have never set up "pine without a 
password" as described in 
<http://www.nevis.columbia.edu/mail/pine-without-password.html>, you can ignore 
this message.

On 03-Sep-2008, I sent out a notice about a security incident at Nevis, and 
asked everyone to change their passwords.  Unfortunately, I have learned that 
the attacker potentially had access to some users' ssh keys as well.

At the time of the security incident, I changed all the system and my personal 
ssh keys, since I thought those there the only ones relevant to the attack.  Now 
that I know that the attacker had access to other ssh keys, I must ask everyone 
to change their ssh keys as well.

I know that, in some ways, changing your ssh keys can be more painful than 
changing your passwords.  If you need some help in going through this procedure, 
please let me know.

-- 
Bill Seligman             | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman@nevis.columbia.edu
PO Box 137                | http://www.nevis.columbia.edu/~seligman/
Irvington NY 10533 USA    | XDI: http://public.xdi.org/=william.seligman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3277 bytes
Desc: S/MIME Cryptographic Signature
Url : http://listserv.nevis.columbia.edu/pipermail/nevis-linux/attachments/20081006/706398d3/attachment.bin 


More information about the Nevis-linux mailing list