Y
Hacker News
new
|
ask
|
show
|
jobs
by
sharjeel
3807 days ago
Since this is a client side issue, can this be used to exploit those automated scanners who try to break into your SSH machine?
2 comments
Stefan-H
3807 days ago
Authenticated scanners that use key auth like Qualys' security appliances could have private keys that are valid across the organization, and if using an affected client version, could leak this information to a malicious system on your network.
link
dsr_
3807 days ago
No. The scanners are looking for password-accessible accounts, not keyed accounts. The scanners won't have useful keys, nor listening ssh daemons.
link