[ale] Debian Security Advisory...

Jim Philips philips_jim at bellsouth.net
Wed May 14 06:07:44 EDT 2008


On Wednesday 14 May 2008 02:04:07 am Brian Pitts wrote:
> Jim Popovitch wrote:
> > Further to all this (and top posted to gain maximum attention), Debian
> > and Ubuntu users need to MANUALLY regenerate ssh HOST keys
> > (/etc/ssh/ssh_host_*key*)
>
> I don't think Ubuntu users do. After applying the updates to Ubuntu 7.10
>
> /etc/ssh$ ls -l
> total 4224
> -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.DSA-1024
> -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.RSA-2048
> -rw-r--r-- 1 root root  132777 2007-07-30 06:16 moduli
> -rw-r--r-- 1 root root    1532 2007-07-30 06:16 ssh_config
> -rw-r--r-- 1 root root    1872 2007-11-29 03:58 sshd_config
> -rw------- 1 root root     672 2008-05-13 23:34 ssh_host_dsa_key
> -rw------- 1 root root     672 2007-09-27 23:01 ssh_host_dsa_key.broken
> -rw-r--r-- 1 root root     601 2008-05-13 23:34 ssh_host_dsa_key.pub
> -rw-r--r-- 1 root root     601 2007-09-27 23:01 ssh_host_dsa_key.pub.broken
> -rw------- 1 root root    1675 2008-05-13 23:34 ssh_host_rsa_key
> -rw------- 1 root root    1675 2007-09-27 23:01 ssh_host_rsa_key.broken
> -rw-r--r-- 1 root root     393 2008-05-13 23:34 ssh_host_rsa_key.pub
> -rw-r--r-- 1 root root     393 2007-09-27 23:01 ssh_host_rsa_key.pub.broken

I don't think Hardy Heron users do either...if they update today. This 
morning, I was greeted to updates on everything related to SSL host keys. The 
update included a black list.




More information about the Ale mailing list