IMPORTANT: OpenSSL & OpenSSH Vulnerabilities : Confirm & Fix Instructions

I’m sure many of you have heard by this point that there is a reported vulnerability in openSSL and openSSH.  The basis of this is that they keys that are generated when you use these tools (ie; installing openssh-server, etc) are generated in a weak manner and can be prone to simple brute force attacking.

If you’ve never installed openssh-server, used openssh-clients or generated an X.509 certificate you should be safe.  If you have done any of the above keep reading for a validation and fix instructions.  It can’t hurt to run the validation script in either case, just to be safe.

Security patches have been deployed to the Ubuntu archives so the first step is to, of course, apply any security patches available.

Am I Affected?

The first item at hand is verifying whether or not you have been affected by the vulnerability.  As mentioned above there are some common tasks that would qualify, but lets test your machine to make sure.