Thursday, March 8, 2012

[en] GitHub hacked... so we have to audit SSH keys


lucaMac:nodeapps pepo$ git clone git@github.com:pepoviola/Socket.IO_rooms.git
Cloning into Socket.IO_rooms...
ERROR: Hi pepoviola, it's GitHub. We're doing an SSH key audit.
Please visit https://github.com/settings/ssh/audit/1767330
to approve this key so we know it's safe.
Fingerprint: 7c:(...):54
fatal: The remote end hung up unexpectedly

Yes, I had read the news: someone had exploited a Rails mass-assignment vulnerability on GitHub that allowed updating a user's attributes, including adding a new SSH public key to an account that was not theirs. For more detail, see the links in [0].

So GitHub started an SSH key audit. It asks us to visit the link shown above ("Please visit https://github.com/settings/ssh/audit/1767330") and approve or reject each of our keys. If, like me, you have uploaded several keys to GitHub from different machines, this means logging in to each machine and checking whether the fingerprint GitHub shows matches the key stored there. That is what inspired this post: not everyone knows how to read the fingerprint of their own key in order to compare it with the one GitHub presents, so here is a short explanation.

The first thing to know is where our public key lives. It is usually in ~/.ssh/ (/home/[user]/.ssh) under the name id_rsa.pub (other key types use other names, e.g. id_ed25519.pub). Once you have found the file, run the following command:
ssh-keygen -lf ~/.ssh/id_rsa.pub
2048 7c:(...):54 /Users/pepo/.ssh/id_rsa.pub (RSA)
It prints four fields: the key size in bits, the fingerprint, the key's comment (here the path of the key file) and, in parentheses, the key type. The second field is what you compare with the fingerprint on GitHub's audit page: approve the key only if they are identical, and reject it if it matches no key on any of your machines, because then somebody else may have added it. Note that OpenSSH 6.8 and later print a SHA256 fingerprint by default; add -E md5 (ssh-keygen -lf -E md5 ~/.ssh/id_rsa.pub) to get the colon-separated MD5 form that GitHub showed at the time.
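As an added example that is not part of the original post, here is a small Python script that does the same job as ssh-keygen -l, so you can check the fingerprint GitHub shows against the public keys on a machine even when your local ssh-keygen prints a different fingerprint format. It parses an OpenSSH public key line, reports the key size the way ssh-keygen does (RSA modulus bits, curve size, 256 for ed25519) and computes both the colon-separated MD5 fingerprint and the SHA256 form newer OpenSSH prints. The two sample key lines are constructed from dummy values for the demonstration and are not real keys; the comment pepo@lucaMac and the file names are made up.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire 'string' (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n):
    """Encode a non-negative integer as an SSH wire 'mpint' (RFC 4251)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw  # keep the sign bit clear
    return _ssh_string(raw)


def _read_string(buf, off):
    """Read one SSH wire 'string' at offset off; return (data, next offset)."""
    (length,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


# Constructed sample keys (assumption, not from the post): an ssh-ed25519 key
# with a dummy 32-byte point and an ssh-rsa key with a dummy 2048-bit modulus.
_ED25519_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_ED25519_LINE = "ssh-ed25519 %s pepo@lucaMac" % base64.b64encode(_ED25519_BLOB).decode()
_RSA_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << 2047) | 1)
SAMPLE_RSA_LINE = "ssh-rsa %s pepo@lucaMac" % base64.b64encode(_RSA_BLOB).decode()


def key_bits(ktype, blob):
    """Key size as ssh-keygen -l reports it; None for unknown key types."""
    _, off = _read_string(blob, 0)           # skip the leading type string
    if ktype == "ssh-rsa":
        _, off = _read_string(blob, off)     # public exponent e
        n, _ = _read_string(blob, off)       # modulus n
        return int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-ed25519":
        return 256
    if ktype.startswith("ecdsa-sha2-nistp"):
        curve, _ = _read_string(blob, off)   # e.g. b"nistp256"
        return int(curve.decode()[len("nistp"):])
    return None


def parse_pub_line(line):
    """Parse one line in id_*.pub / authorized_keys format: '<type> <base64> [comment]'."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    wire_type, _ = _read_string(blob, 0)
    if wire_type.decode() != ktype:          # the blob must agree with the type field
        raise ValueError("type field %r does not match blob %r" % (ktype, wire_type))
    return {"type": ktype, "blob": blob, "comment": comment, "bits": key_bits(ktype, blob)}


def fingerprint_md5(blob):
    """Colon-separated MD5 hex, the form GitHub's 2012 audit page showed."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def fingerprint_sha256(blob):
    """SHA256 as unpadded base64, the default of OpenSSH 6.8 and later."""
    return base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def _normalize(fp):
    """Drop the 'MD5:'/'SHA256:' prefix, case and padding so both formats compare equal."""
    fp = fp.strip()
    for prefix in ("MD5:", "SHA256:"):
        if fp.upper().startswith(prefix):
            fp = fp[len(prefix):]
    return fp.lower() if ":" in fp else fp.rstrip("=")


def fingerprint_matches(shown, pub_line):
    """True if the fingerprint shown by GitHub belongs to this public key line."""
    blob = parse_pub_line(pub_line)["blob"]
    return _normalize(shown) in (fingerprint_md5(blob), fingerprint_sha256(blob))


def summarize(pub_line):
    """One line in the style of 'ssh-keygen -l -E md5': bits, fingerprint, comment, (TYPE)."""
    key = parse_pub_line(pub_line)
    labels = {"ssh-rsa": "RSA", "ssh-ed25519": "ED25519"}
    label = labels.get(key["type"], "ECDSA" if key["type"].startswith("ecdsa") else key["type"])
    return "%s %s %s (%s)" % (key["bits"], fingerprint_md5(key["blob"]), key["comment"], label)


def find_matching_keys(shown, pub_lines):
    """Names (e.g. file paths) of the keys in pub_lines whose fingerprint equals the one shown."""
    return [name for name, line in pub_lines.items() if fingerprint_matches(shown, line)]


if __name__ == "__main__":
    import sys
    # Usage: python audit_keys.py <fingerprint-from-github> ~/.ssh/*.pub
    shown = sys.argv[1]
    for path in sys.argv[2:]:
        with open(path) as fh:
            line = fh.read().strip()
        print(summarize(line), "<- matches GitHub" if fingerprint_matches(shown, line) else "")
```

Run it on one machine with the fingerprint from the audit page and every *.pub file in ~/.ssh; a key that matches nowhere on any of your machines is one to reject. The comparison accepts either the MD5 or the SHA256 form, so it does not matter which one the local ssh-keygen happens to print.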


I hope this was useful and that you have approved your SSH keys on GitHub :D

Links
[0]
     homakov's commit (very funny comments)
     Gist explaining how the vulnerability was exploited
     The Hacker News article
