May 15 2008
If you’re using Debian or Ubuntu, it looks like you need to generate a new set of keys immediately, if not sooner! The SSH keys on those systems used the PID of the process as a seed for generating the old keys, which severely limits the randomness of the keys and has made it possible for a rainbow table of all possible keys to be generated.
There’s some debate about whether this vulnerability is related to an increase in SSH scanning on the Internet, but that’s really immaterial; it will cause a rise in SSH scans soon. Better to secure your system now and stay ahead of the curve than be one of the people unlucky enough to get compromised. As always, the real danger is not what’s happening today, but what happens in a few months when the awareness dies down and people who didn’t get the alerts leave their vulnerable machines on the Internet.
The Internet Storm Center thinks this is really important, so you probably should too.