Date: Thu, 10 Apr 2014 12:10:09 +0200 From: Carlo Strub <cs@FreeBSD.org> To: Lena@lena.kiev.ua Cc: freebsd-security@freebsd.org, mexas@bris.ac.uk Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:06.openssl Message-ID: <1397124609.974780.949873937.113568.2@c-st.net> In-Reply-To: <20140409084809.GA2661@lena.kiev> References: <20140409084809.GA2661@lena.kiev> <201404082334.s38NYDxr098590@freefall.freebsd.org> <201404090821.s398LMg7020616@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> > SSH is not affected. > SSH is indeed not affected, but I guess you should still consider the secret sshd key on your otherwise affected server as burnt, as it might have been in the memory too while an attacker was inspecting it via heartbleed. Better recreate the secret ssh key and all other secret keys on your server as well. But, again, the OpenSSH protocol/software per se are not affected.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1397124609.974780.949873937.113568.2>