I noticed that my /root/.ssh/authorized_keys is using ecdsa-sha1-nistp521. Is this vulnerable in the way that this CVE announces?

## CVE-2024-31497

If so, I’m not sure about how to get DO to regen the key. Support tickets for DO don’t have a topic that covers this, so I’m asking here. I have not tried resetting the root password, but that also didn’t seem like what I’m asking for.
Heya
As stated, it’s not a problem to use such a key, as the vulnerability is for tools like PuTTY.
As for the SSH keygen regen, you can do that yourself; you just need to generate a new key with PuTTY, or if you are using the Ubuntu subsystem on your Windows machine, and paste the .pub key in the /root/.ssh/authorized_keys file.

Hey @digitalocean657,
I believe that this should only affect you if you’re managing your SSH keys and sessions with tools like PuTTY or any other mentioned in the CVE.
The versions listed (PuTTY 0.68 through 0.80 before 0.81, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6) are known to be vulnerable.
If this is the case, make sure to install PuTTY 0.81 or later, FileZilla 3.67.0 or later, WinSCP 6.3.3 or later, etc.
I’ve forwarded this question internally for further investigation as well. So thank you for bringing it up!
Also, feel free to reach out to the DigitalOcean support team who will be more than happy to assist you further as well! :)
You can choose the following topics when creating the ticket:
Hope that helps!
- Bobby.
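To see which entries in an authorized_keys file are the ones worth reviewing, this added example (not part of the original answers and not DigitalOcean code) lists every NIST P-521 ECDSA entry, including lines that carry options before the key type. It assumes OpenSSH's key type name `ecdsa-sha2-nistp521`; the sample keys are constructed placeholders, not real keys.

```python
import base64
import shlex
import struct

# OpenSSH name for ECDSA over NIST P-521 (assumed key type of interest).
P521 = "ecdsa-sha2-nistp521"

def blob_key_type(b64):
    """Return the key type string embedded in a base64 key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # blob starts with a length-prefixed type
        return raw[4:4 + n].decode("ascii")
    except Exception:
        return None

def find_p521_keys(text):
    """Return (line_no, comment) for each P-521 ECDSA entry in authorized_keys text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Options such as command="a b" may hold quoted spaces; only '"' quotes.
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split, lex.quotes, lex.commenters = True, '"', ""
        try:
            tok = list(lex)
        except ValueError:
            tok = line.split()
        # The key type is the token whose following blob declares the same type.
        for i in range(len(tok) - 1):
            if blob_key_type(tok[i + 1]) == tok[i]:
                if tok[i] == P521:
                    hits.append((no, " ".join(tok[i + 2:])))
                break
    return hits

def _sample_blob(key_type):
    # Constructed placeholder blob: real length-prefixed type, zero-filled body.
    t = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + bytes(32)).decode()

SAMPLE = "\n".join([  # constructed sample input
    "# constructed sample, not real keys",
    "ssh-ed25519 " + _sample_blob("ssh-ed25519") + " alice@laptop",
    'command="backup run",no-pty ' + P521 + " " + _sample_blob(P521) + " bob's putty key",
    P521 + " " + _sample_blob(P521) + " deploy@ci",
])

if __name__ == "__main__":
    for line_no, comment in find_p521_keys(SAMPLE):
        print(f"line {line_no}: {P521} ({comment})")
```

A hit only tells you the key type; whether the entry needs replacing depends on whether its private key was ever used from one of the client versions listed above.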