Our friends at Zenoss were recently in San Diego for the LISA conference, where MindTouch also exhibited. We met up with Matt Ray and Mark Hinkle while they were in town. Both are open source luminaries and downright wonderful guys. In an afternoon Matt created a fantastically useful MindTouch Deki and Zenoss mashup that allows IT, system and network admins to manage their infrastructure more efficiently by combining the collaborative and business automation capabilities of MindTouch with the robust monitoring and management capabilities of Zenoss. Now admins can put real-time systems information and management consoles in context with IT documentation and best practices. This kind of business automation delivers significant gains in productivity and operational efficiency and demonstrates the power and flexibility of both products. Matt writes of his experience in creating this mashup at the Zenoss blog, and he created a new SourceForge project page for the mashup where you can download his work.

 

Since the 8.05 Jay Cooke VM release, Debian has announced several security updates which affect the Deki Wiki VM. Because reading the debian-security-announce mailing list probably isn’t your idea of fun (though I think it is), we’ve started tracking the Deki Wiki-specific updates on the DekiWiki VM Security Updates page.

One of the latest vulnerabilities is particularly annoying. According to DSA-1576-1:

The recently announced vulnerability in Debian’s openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.

To apply the security fix for openssl and openssh, you’ll need to run the following commands (as root):

apt-get update
apt-get upgrade
apt-get install openssh-server openssh-client

This will regenerate a secure host key for you. The next time you log in via SSH you will most likely receive the following error message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
52:8e:93:04:64:a5:7e:ac:c8:2c:2b:9a:96:ad:66:32.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:58
RSA host key for 192.168.1.215 has changed and you have requested strict checking.
Host key verification failed.

For most people this is simply an annoyance. However, if you have any automated processes that use the old ssh keys to log in, you will need to update your keys. The DSA has a lot of good info, and instructions on how to use ssh-vulnkey to identify weak keys, so I highly recommend giving it a good read.
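One way to clear the warning without simply trusting whatever key the network presents, as an added example that is not part of the original post: delete the stale known_hosts line only when the fingerprint in the warning matches one read out of band on the VM console. The helper names `accept_new_hostkey` and `make_sample` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). accept_new_hostkey is a
# hypothetical helper: it deletes the stale known_hosts line named in ssh's
# warning only if the reported fingerprint equals one read out of band,
# e.g. on the VM console: ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
# usage: accept_new_hostkey WARNING_FILE EXPECTED_FP [KNOWN_HOSTS_OVERRIDE]
accept_new_hostkey() {
    warning=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Colon-separated hex fingerprint, the format shown in the post's warning
    seen=$(grep -Eo '([0-9a-f]{2}:){15}[0-9a-f]{2}' "$warning" | head -n 1)
    # "Offending key in /root/.ssh/known_hosts:58" -> path and line number
    offending=$(sed -n 's/^Offending key in \(.*:[0-9][0-9]*\)$/\1/p' "$warning" | head -n 1)
    file=${3:-${offending%:*}}
    line=${offending##*:}
    if [ -z "$seen" ] || [ -z "$offending" ]; then
        echo "could not parse ssh warning" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        # Treat as a possible man-in-the-middle: leave known_hosts alone.
        echo "fingerprint mismatch ($seen); $file not modified" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 2      # keep a backup
    sed "${line}d" "$file.bak" > "$file"        # drop only the stale entry
    echo "removed line $line from $file; reconnect to record the new key"
}

# Constructed sample input: the warning text from the post (trimmed) and a
# three-line known_hosts whose second line is the stale entry.
make_sample() {
    dir=$1
    cat > "$dir/warning.txt" <<'EOF'
The fingerprint for the RSA key sent by the remote host is
52:8e:93:04:64:a5:7e:ac:c8:2c:2b:9a:96:ad:66:32.
Offending key in /root/.ssh/known_hosts:2
RSA host key for 192.168.1.215 has changed and you have requested strict checking.
EOF
    cat > "$dir/known_hosts" <<'EOF'
192.168.1.10 ssh-rsa AAAAconstructed-key-one
192.168.1.215 ssh-rsa AAAAconstructed-stale-key
192.168.1.20 ssh-rsa AAAAconstructed-key-two
EOF
}
```

Save the warning ssh printed to a file and pass it as the first argument. `ssh-keygen -R 192.168.1.215` removes the entry by host instead of by line number, but performs no fingerprint comparison.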

As always, if you have any questions please drop by the forums or IRC!