Raspbian SSH key woe
Weak SSH host keys likely on Pi, free certificates for all, and controlling your containers with Minecraft.
According to reports in the Raspberry Pi forums, there’s an issue in the November 2015 release of Raspbian with potentially weak SSH host keys. It is caused by a hardware random number generator not being available when the system is first booted, which results in low entropy (the amount of random data available to the kernel). The recommendation is to apply a patch (when one becomes available) and possibly regenerate host keys. According to others on the forum, this highlights a wider issue with many embedded systems/IoT devices, where the entropy-gathering capability can be low. Weak SSH keys can allow attackers to decrypt traffic between affected devices.
Red Hat has announced version 7.2 of its flagship Red Hat Enterprise Linux distro, which emphasises new security, networking and admin features (and the inevitable container support). OpenSCAP (SCAP being Security Content Automation Protocol) allows RHEL users to measure their systems against all kinds of security baselines and best practices. The Red Hat Identity Management product now supports DNSSEC (Domain Name System Security Extensions, which provides digitally signed responses to domain lookup requests). Improvements have been made to the network kernel stack, and backup software known as Relax and Recover is now included (it takes ISO-image-based backups for bare-metal restores).
Let’s Encrypt (letsencrypt.org), the free, automated and open certificate authority, has entered public beta. Anyone using the supplied client can download a free certificate to enable https on their own web server. Let’s Encrypt is backed by the Internet Security Research Group and the Linux Foundation, with a host of well-known internet companies as sponsors.
Finally, DockerCon EU had an interesting demo of containers being controlled via a new user interface: Minecraft. Following a venerable tradition of integrating the Linux command line with popular games (a famous effort made the classic Doom available as an option when processes needed to be killed), Docker engineers used Cuberite, a scriptable version of the Minecraft server, to handle the creation and management of containers, which they call DockerCraft (http://bit.ly/DockerCraft). The project is available on GitHub for all to try out.