[Tfug] Debian SSH vulnerability

[Jeff Breadner]

John Gruenenfelder wrote:
> However, my understanding is also that you (and your systems) are only
> affected by this vulnerabilty is your keys were created *after* the package
> maintainer broke the random number generation and, obviously, before the
> bugfix was released.
>   

On my system (kubuntu 8.04), when I applied the latest updates, a new 
utility 'ssh-vulnkey' was installed.  You can use this to identify which 
keys are vulnerable to this attack vector, and which are OK.

cheers
  Jeff