[ale] Debian Security Advisory...

Giulio (lists) lists at cruton.info
Wed May 14 08:29:30 EDT 2008


On Wednesday 14 May 2008, Jim Philips wrote:
> On Wednesday 14 May 2008 02:04:07 am Brian Pitts wrote:
> > Jim Popovitch wrote:
> > > Further to all this (and top posted to gain maximum attention),
> > > Debian and Ubuntu users need to MANUALLY regenerate ssh HOST
> > > keys (/etc/ssh/ssh_host_*key*)
> >
> > I don't think Ubuntu users do. After applying the updates to
> > Ubuntu 7.10
> >
> > /etc/ssh$ ls -l
> > total 4224
> > -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.DSA-1024
> > -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.RSA-2048
> > -rw-r--r-- 1 root root  132777 2007-07-30 06:16 moduli
> > -rw-r--r-- 1 root root    1532 2007-07-30 06:16 ssh_config
> > -rw-r--r-- 1 root root    1872 2007-11-29 03:58 sshd_config
> > -rw------- 1 root root     672 2008-05-13 23:34 ssh_host_dsa_key
> > -rw------- 1 root root     672 2007-09-27 23:01 ssh_host_dsa_key.broken
> > -rw-r--r-- 1 root root     601 2008-05-13 23:34 ssh_host_dsa_key.pub
> > -rw-r--r-- 1 root root     601 2007-09-27 23:01 ssh_host_dsa_key.pub.broken
> > -rw------- 1 root root    1675 2008-05-13 23:34 ssh_host_rsa_key
> > -rw------- 1 root root    1675 2007-09-27 23:01 ssh_host_rsa_key.broken
> > -rw-r--r-- 1 root root     393 2008-05-13 23:34 ssh_host_rsa_key.pub
> > -rw-r--r-- 1 root root     393 2007-09-27 23:01 ssh_host_rsa_key.pub.broken
>
> I don't think Hardy Heron users do either...if they update today.
> This morning, I was greeted with updates on everything related to SSL
> host keys. The update included a black list.

The original Debian security advisory mentioned that manual generation 
of keys was required but an ssh update is "taking care" of the ssh 
keys:
OpenSSL issue: 
http://www.debian.org/security/2008/dsa-1571
OpenSSH update is not yet on the Debian site, but it is DSA-1576-1
Same for Ubuntu users.

There are still other keys that need to be changed (OpenVPN, X.509, 
etc.) at this point.

Giulio
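
The state shown in the quoted listing (regenerated ssh_host_*_key files beside the pre-update keys saved as .broken) can be checked mechanically. The script below is an added example, not part of the original thread; the function name, status labels and demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd directory for the post-update state in the
# quoted listing (regenerated ssh_host_*_key beside the old key saved as
# .broken). Assumption: the pre-update key is kept as <name>.broken.

audit_host_keys() {
    dir=${1:-/etc/ssh}
    bad=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        name=${key##*/}
        if [ ! -f "$key.broken" ]; then
            # No saved copy to compare with: the key may predate the update.
            status=UNVERIFIED; bad=1
        elif cmp -s "$key" "$key.broken" 2>/dev/null ||
             cmp -s "$key.pub" "$key.pub.broken" 2>/dev/null; then
            # Same bytes as the saved copy: the old key is still in service.
            status=STALE; bad=1
        elif [ "$key.broken" -nt "$key" ]; then
            # Saved copy is newer than the live key: files were moved around.
            status=SUSPECT; bad=1
        else
            status=ROTATED
        fi
        printf '%-10s %s\n' "$status" "$name"
    done
    return "$bad"
}

# Constructed demo directory: placeholder bytes, not real key material.
demo=$(mktemp -d)
for t in dsa rsa; do
    printf 'old-%s\n' "$t" > "$demo/ssh_host_${t}_key.broken"
    printf 'old-%s-pub\n' "$t" > "$demo/ssh_host_${t}_key.pub.broken"
    printf 'new-%s\n' "$t" > "$demo/ssh_host_${t}_key"
    printf 'new-%s-pub\n' "$t" > "$demo/ssh_host_${t}_key.pub"
done
touch -t 200709272301 "$demo"/*.broken
# Simulate an RSA key that was never regenerated.
cp "$demo/ssh_host_rsa_key.broken" "$demo/ssh_host_rsa_key"
audit_host_keys "$demo" || echo "host keys need attention"
rm -rf "$demo"
```

A ROTATED result only shows that the key was replaced; whether the replacement itself appears on the blacklist is a separate check.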

