On 2026-04-29, Turritopsis Dohrnii Teo En Ming <[email protected]> wrote: > Subject: Am I affected by OpenSSH security flaw CVE-2026-35414? > > Good day from Singapore, > > I refer to the following article. > > Article: OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years > Link: > https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/ > Date of article: 27 Apr 2026 > > I don't use SSL certificates to login to SSH server. Am I affected by this > security flaw?
OpenSSH does not use SSL/TLS. This is about ssh's own certificates, see the CERTIFICATES section of ssh-keygen(1). Normal ssh public key authentication is not affected. On the whole, if you're affected, it's almost certain that either you know you're using ssh certs, or they've been configured for you by someone that should be keeping sufficient track of openssh development that they should know about the problem. -- Please keep replies on the mailing list.
