Feed Search

Search
Use Results
Edit Query
Hide Query

Apr 2 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

@dmbaturin Are you sure that should be 100 instead of a two digit number? I think those will be done in lexicographic order, I suspect there may be confusion generated if someone tries to make a 110, and 11 runs first.

Apr 2 2025, 8:02 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

Thank you for the quick response to this, and the work to mitigate it 🙌

Apr 2 2025, 5:46 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 30 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

I looked through some Debian and Ubuntu ISOs and didn't notice dropbear installed in the live image. It's likely we are mostly susceptible to this because the live image is used as a loopback mount during normal installation. Many other Debian-based systems would be debootstrapped onto the host.

Mar 30 2025, 2:31 AM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 18 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

Thanks. I'll see what I can do about reporting this upstream!

Mar 18 2025, 7:07 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 17 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

MITRE has assigned CVE-2025-30095.

Mar 17 2025, 2:18 AM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 13 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

Looks like it was assigned too restrictively before.

Mar 13 2025, 11:53 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

mjones-vsat updated subscribers of T7217: Private SSH key reuse in the console server service.

Mar 13 2025, 11:52 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

Hi there,

Mar 13 2025, 11:50 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 10 2025

mjones-vsat changed the visibility for T7217: Private SSH key reuse in the console server service.

Mar 10 2025, 9:41 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 6 2025

mjones-vsat added a comment to T7217: Private SSH key reuse in the console server service.

Is there anyone else we should tag on this ticket?

Mar 6 2025, 1:23 AM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

Mar 4 2025

mjones-vsat renamed T7217: Private SSH key reuse in the console server service from test to Key reuse in VyOS Dropbear deployment.

Mar 4 2025, 4:54 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

mjones-vsat changed the visibility for T7217: Private SSH key reuse in the console server service.

Mar 4 2025, 4:53 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling

mjones-vsat created T7217: Private SSH key reuse in the console server service.

Mar 4 2025, 4:52 PM · VyOS 1.5 Circinus (1.5-stream-2025-Q2), VyOS 1.4 Sagitta (1.4.2), VyOS Rolling