ssh key update IMPORTANT security advisory please read

Dennis Gilmore dennis at
Thu May 15 09:40:03 EDT 2008

On Thursday 15 May 2008, Henry Hardy wrote:
> Debian has published a recent security advisory regarding a documented
> weakeness in the Debian openssl key generation procedure:
> [DSA 1571-1] New openssl packages fix predictable random number
> generator<
> Accordingly we are changing the host keys on all Ubuntu and Debian systems.
> Users should be prepared to accept the new host keys.
> Additionally, ALL USERS MUST generate new private/public keypairs using the
> patched ssl-keygen or equivalent (such as putty-keygen) and replace the
> public key in their ~/.ssh/authorized_keys file. This applies to users with
> accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu
> boxes.
> If you need help, please open a ticket by emailing sysadmin at with
> your new pub key or a link to it. Please specify which machines on which
> you have accounts in the message.
> thanks,
> --HH.

users only need to create new keys if you created your key using a debian 
based system.  keys generated on Fedora or other linux's or unix's are not 
susceptible and don't need replacing. 

This also brings up the need to use something like fas  which would easily allow users to change their 
own passwords and ssh keys.  as well as simplify user management and make it 
easy to grant access to different hosts.  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Devel mailing list