Question

Droplet Console Security

I noticed that my /root/.ssh/authorized_keys is using ecdsa-sha1-nistp521. Is this vulnerable in the way that this CVE announces?

CVE-2024-31497

If so, I’m not sure about how to get DO to regen the key. Support tickets for DO don’t have a topic that covers this, so I’m asking here. I have not tried resetting the root password, but that also didn’t seem like what I’m asking for.


KFSys
Site Moderator
May 13, 2024

Heya

As stated, it’s not a problem to use such a key, as the vulnerability is for tools like PuTTY.

As for the SSH keygen regen, you can do that yourself: you just need to generate a new key with PuTTY (or with the Ubuntu subsystem, if you are using it on your Windows machine) and paste the .pub key in the /root/.ssh/authorized_keys file.

Bobby Iliev
Site Moderator
May 11, 2024

Hey @digitalocean657,

I believe that this should only affect you if you’re managing your SSH keys and sessions with tools like PuTTY or any of the others mentioned in the CVE as being affected.

The versions listed (PuTTY 0.68 through 0.80 before 0.81, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6) are known to be vulnerable.

If this is the case, make sure to install PuTTY 0.81 or later, FileZilla 3.67.0 or later, WinSCP 6.3.3 or later, etc.

I’ve forwarded this question internally for further investigation as well. So thank you for bringing it up!

Also, feel free to reach out to the DigitalOcean support team who will be more than happy to assist you further as well! :)

https://www.digitalocean.com/support/

You can choose the following topics when creating the ticket:

Hope that helps!

- Bobby.
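As an added example (not part of either answer and not DigitalOcean tooling), the shell function below inventories the NIST P-521 ECDSA entries in an authorized_keys file, the key type CVE-2024-31497 concerns, so the matching key pairs can be reviewed against the client versions listed above. It assumes OpenSSH's key type name `ecdsa-sha2-nistp521`; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory NIST P-521 ECDSA entries in an
# authorized_keys file so the matching key pairs can be reviewed and rotated.

# list_p521_keys [FILE]  -> one "LINE<TAB>COMMENT" row per P-521 entry.
# Reads stdin when FILE is omitted.
list_p521_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            # The key type is not always field 1: an options field such as
            # command="..." or from="..." may precede it. Require the next
            # field to look like a base64 key blob ("AAAA...") so that text
            # inside a quoted option is not mistaken for the key type.
            for (i = 1; i < NF; i++) {
                if ($i == "ecdsa-sha2-nistp521" && $(i + 1) ~ /^AAAA/) {
                    comment = "(no comment)"
                    if (i + 2 <= NF) {
                        comment = $(i + 2)
                        for (j = i + 3; j <= NF; j++) comment = comment " " $j
                    }
                    printf "%d\t%s\n", NR, comment
                    next
                }
            }
        }
    ' "${1:--}"
}

# Constructed sample input; the key blobs are truncated placeholders, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
# managed by hand
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER admin@laptop
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEPLACEHOLDER console key

from="203.0.113.7",command="echo ecdsa-sha2-nistp521 x" ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYPLACEHOLDER ci@build
no-pty ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEPLACEHOLDER
EOF
}

# Usage on a droplet: list_p521_keys /root/.ssh/authorized_keys
sample_authorized_keys | list_p521_keys
```

An entry listed here is only a candidate for review: whether it needs replacing depends on which client held the private key, as the answers above explain.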
