Re: Ubuntu/Debian vulnerability impact?
Group: comp.security.ssh
Author: Mark Wooding
Date: May 14, 2008 07:41

Ignoramus12901 wrote:

> What do you mean, "remove all security of SSH".
>
> Do you mean that this mistake fully undermined SSH security?

Very nearly.

  * If you generated your private key with a broken version of
    ssh-keygen then you lose. The attacker can work out your private
    key easily and impersonate you to everyone.

  * Worse, if you authenticated yourself to anyone using a DSA key using
    a broken ssh client, then you lose. The attacker can recover your
    private key, and impersonate you as before. This happens regardless
    of when the DSA key was generated.

  * If your server generated its key with a broken version of ssh-keygen
    then you lose. The attacker can impersonate the server and use this
    to collect passwords you type in, persuade you to believe in lies or
    whatever.

  * And similarly, if the server authenticated itself using a DSA key
    using a broken sshd then you lose. The attacker can recover the
    server public key, with consequences as above. This happens
    regardless of when the DSA key was generated.

  * If /either/ the client or server is broken then you lose that
    particular session. The attacker has a good chance to work out the
    session key, decrypt all the traffic (even retrospectively, if he
    kept records) and to hijack your session (i.e., pretend to be you to
    the server and pretend to be the server to you, but in real time
    only).

If you are even slightly affected by the bug, I strongly recommend:

  * Generate fresh SSH private keys and redistribute them.

  * If you maintain a server, regenerate at least its DSA keys (and
    send PGP-signed email to your users listing the new keys).

I don't think it's worth taking chances on this one.

> And, even more specifically, an attacker who knows a permitted
> username, could log on as that username and do anything?

Only if he has managed to compromise the user's private key or break
into an existing session.

-- [mdw]
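
Added example, not part of Mark Wooding's post: why a DSA key must be replaced once it has been used from a broken client or sshd, even if it was generated on a sound machine. It solves the DSA signing equation for the long-term key when the per-signature nonce k is known. The toy group, key, nonce and message are constructed, and it is an assumption of the example that the broken random number generator made k guessable.

```python
import hashlib

# Constructed toy group, far too small for real use:
# Q is prime and divides P - 1, and G = 2^((P-1)/Q) mod P has order Q.
P, Q, G = 607, 101, 64


def digest(msg: bytes) -> int:
    """SHA-1 of the message, reduced mod Q for the toy group."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % Q


def sign(h: int, x: int, k: int) -> tuple:
    """DSA signature on digest h with private key x and nonce k.

    Real DSA draws a fresh secret k per signature and retries when r or s
    is 0; here k is passed in so the dependence on it is visible.
    """
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s


def key_from_known_nonce(h: int, r: int, s: int, k: int) -> int:
    """Solve s = k^-1 (h + x*r) mod Q for x: x = r^-1 (s*k - h) mod Q."""
    return pow(r, -1, Q) * (s * k - h) % Q


def demo() -> bool:
    x = 57                 # long-term private key, generated on a sound machine
    y = pow(G, x, P)       # matching public key
    k = 23                 # nonce chosen by the broken client (assumed guessable)
    h = digest(b"constructed session identifier")
    r, s = sign(h, x, k)   # r and s travel over the wire during authentication
    recovered = key_from_known_nonce(h, r, s, k)
    # The recovered value is the real key: it reproduces the public key.
    return recovered == x and pow(G, recovered, P) == y


if __name__ == "__main__":
    print("long-term key exposed by a single signature:", demo())
```

Nothing in the recovery depends on how or when x was generated, which is why every DSA key that was ever used from an affected system needs replacing, not only the keys created there.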