Posted May 13, 2008 22:28 UTC (Tue) by man_ls
In reply to: HOWTOs please!
Parent article: Cryptographic weakness on Debian systems
Great info, thanks!
Although I don't understand step 3: "Generate new host keys for ssh". I'm purging my system of DSA keys, and I find that by default my systems identify using RSA keys (as seen in ~/.ssh/known_hosts). This part should be safe then. Why regenerate all host keys? This will only create a new set of (still insecure) DSA keys, which as it seems are not used anyway.
Yes, this specific step 3 leads to a lot of work I'm too lazy to do: erasing all known_hosts files and recreating them. And this is on a small home LAN; on a big network I can imagine it must be a real pain.
to post comments)