≡ Menu


Ubuntu / Debian Linux Find Weak OpenSSL keys

This bug really was a bad one. I've client with over 200 Debian Linux server. Updating all systems wasn't the problem. With the help of Cfengine I was able to push updates but managing all workstation ssh keys (over 1000+ Windows and Linux/BSD workstations) and testing everything took so much time. Debian shouldn't have modified the package in first place. I also had to upgrade over 30 SSL certificates and a whole new CA for OpenVPN. Luckily VeriSign is providing revocation and replacement of SSL certificates (generally it is not provided free of charge) till 30-June-2008.

How do I find out all weak keys?

You can check all your weak keys with following commands:
# wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
# wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
# gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE
# gpg --verify dowkd.pl.gz.asc
# gunzip dowkd.pl.gz
# perl dowkd.pl host localhost

You should see 0 weak keys. If you run Debian or Ubuntu Linux upgrade your OpenSSL and fix all the affected softwares. There is also wiki page that will address all your concerns. Overall it lasted for few days for large clients. How many hours did you spend updating Debian systems?

Book Review: Linux Networking Cookbook

Linux networking cookbook is a book for a seasoned Linux network administrator. The book attempts to describe day-to-day networking administration, maintenance and advanced issues commonly faced by us. Book covers wild verity of topics or so called recipes for Linux networking such as:

=> Building Custom Gateways using Soekris 4521 embedded board
=> Linux Firewall
=> Linux based wireless access point
=> Building a VoIP servr with Asterisk
=> Linux Routing
=> Secure remote administration with OpenSSH
=> Setting up VPNs with OpenVPN and PPTP VPN server

Book Review: Linux Networking Cookbook

=> Linux IPv6 Configurations
=> Single sign-on with Samba for nixed Linux/Windows LANs
=> Setting up centralized network directory with OpenLDAP
=> Network Monitoring with Nagios
=> Network Monitoring with MRTG
=> Setting up Linux Dial up server
=> Setting up central Linux network installation server for on demand os reload and much more

I must say Carla has done an astonishing work to put together Linux networking cookbook.

This is not your Linux networking from scratch guide. Linux networking cookbook is a task-oriented book intended to offer solutions to the daily Linux networking problems and goals the Linux networking admin faces. You may be aware of that Linux networking is a complex subject. So if you need one central reference book along with examples, this book is a must for you. Each small how to (read as recipe) comes with a nice example and sample configuration / commands to carry out a task. I'm sure this book will save your precious time and energy.


Sure you will find most of the information mentioned in this book throughout mailing lists, forums, blogs, and discussion groups but not in one handy guide. Overall, a great book that touches all important Linux networking aspects. This book is highly recommended to all Linux networking admins / MCSEs / RHCEs / UNIX admins:


    + Easy of use - Gain new skills
    + Time saving tips
    + Enhance your knowledge
    + Practical advice with tons of working examples


    - N/A
=> Book title: Linux Networking Cookbook (Linux) [ILLUSTRATED] (Paperback)
=> Author: Carla Schroder
=> Publisher: O'Reilly Media, Inc.
=> Pub Date: November 26, 2007
=> ISBN: ISBN-10: 0596102488 / ISBN-13: 978-0596102487
=> Pages: 638 pages
=> Level of experience needed: New - Intermediate user
=> Who will find useful: UNIX/Linux network admin / IDC Tech support staff
=> Additional goodies included (such as CDROM) : No
=> Book ratings: 4/5
=> Purchase online @ Amazon