HOWTOs please!

Posted May 14, 2008 10:24 UTC (Wed) by furball4 (guest, #52069)
In reply to: HOWTOs please! by jch
Parent article: Cryptographic weakness on Debian systems

I updated openssl as soon as it was available and then ran ssh-keygen to replace
/root/.ssh/id_rsa and /root/.ssh/id_rsa.pub. But that was before an ssh update was available.
Was key creation fixed at this point, or are my new keys still potentially vulnerable? They
are not flagged by the now-available ssh-vulnkey, but that won't necessarily catch everything.
I also regenerated some SSL certificates, but since that is actually using the openssl
command-line interface it would obviously have been fixed by that point.

In any event, I need to figure out if I have to go back and redo personal keys again.

Additionally, the new ssh packages don't give me an option to regenerate host keys, as the
email seemed to allude to. I had to do that by hand.


HOWTOs please!

Posted May 14, 2008 10:41 UTC (Wed) by endecotp (guest, #36428)

I think you're OK.  The new ssh packages primarily include stuff to check for (and reject?)
vulnerable keys.  The old ssh code itself did not have any problems.

HOWTOs please!

Posted May 14, 2008 16:09 UTC (Wed) by furball4 (guest, #52069)

Thanks. I also noticed that the new package did regenerate host keys when the existing ones
ran afoul of the vulnerable key checker. I would have preferred if it had an option to
regenerate them anyway, but oh well, it's easy enough to do by hand.
