From mjbaysek at cs.cmu.edu Fri May 16 15:23:07 2008 From: mjbaysek at cs.cmu.edu (Michael J. Baysek) Date: Fri, 16 May 2008 15:23:07 -0400 Subject: [auton-users] Auton Lab Notice: OpenSSL / SSH vulnerability Fixed Message-ID: <482DDF1B.5090105@cs.cmu.edu> Hello Lab, A recently discovered bug in Debian-based Linux distributions causes SSL/SSH keys to become somewhat predictable. The bug has been fixed, and I have updated all of your desktop machines. If you are running Ubuntu in a virtual machine, I urge you to perform all updates by clicking on the update manager and entering your password. Alternatively, you can drop to a shell, and run "sudo aptitude update; sudo aptitude upgrade". If you prefer me to service your virtual machine, please let me know. A side effect of the subsequent security checks I have done was that I had to regenerate some of your ssh keys. I also removed all vulnerable ssh keys from the .ssh/authorized_keys2 files in your home directories. If you notice any problems such as having to enter your password for CVS transactions, and you didn't have to before, please let me know and I will correct it for you. For those of you whose keys I had to regenerate, you should be ok - I already updated your authorized_keys2. The only way you will still have a problem is if you have an external machine that you were using to access the system. You should regenerate your personally owned machines SSH keys before re-adding the public key to the authorized_keys2 files on our system. If you need to regenerate the SSH key for your user account, you can run "ssh-keygen -t rsa" at your shell prompt. Please let me know if I can be of any help cleaning up after this update - Mike -- -- Michael J. Baysek, Systems Analyst Carnegie Mellon University - Auton Lab www.cmu.edu - www.autonlab.org 412-268-8939 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature URL: From mjbaysek at cs.cmu.edu Tue May 27 15:20:49 2008 From: mjbaysek at cs.cmu.edu (Michael J. Baysek) Date: Tue, 27 May 2008 15:20:49 -0400 Subject: [auton-users] Auton Lab Machine Shutdown TONIGHT Message-ID: <483C5F11.6010105@cs.cmu.edu> This is a reminder that the CMU FMS scheduled power outage will affect all Auton Lab servers. I will begin the shutdown sequence at around 8:30 PM tonight. I hope to have the system available by 9:00 AM tomorrow, but if the SCS core system outage extends into business hours, then our system will also not be available.