ssh key update IMPORTANT security advisory please read
Dennis Gilmore
dennis at ausil.us
Thu May 15 09:40:03 EDT 2008
On Thursday 15 May 2008, Henry Hardy wrote:
> Debian has published a recent security advisory regarding a documented
> weakeness in the Debian openssl key generation procedure:
>
> [DSA 1571-1] New openssl packages fix predictable random number
> generator<http://news.gmane.org/find-root.php?message_id=%3c87od7az9v4.fsf%
>5f%5f2780.18743633783%241210681384%24gmane%24org%40mid.deneb.enyo.de%3e>
>
> http://article.gmane.org/gmane.linux.debian.security.announce/1614
>
> Accordingly we are changing the host keys on all Ubuntu and Debian systems.
> Users should be prepared to accept the new host keys.
>
> Additionally, ALL USERS MUST generate new private/public keypairs using the
> patched ssl-keygen or equivalent (such as putty-keygen) and replace the
> public key in their ~/.ssh/authorized_keys file. This applies to users with
> accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu
> boxes.
>
> If you need help, please open a ticket by emailing sysadmin at laptop.org with
> your new pub key or a link to it. Please specify which machines on which
> you have accounts in the message.
>
> thanks,
>
> --HH.
users only need to create new keys if you created your key using a debian
based system. keys generated on Fedora or other linux's or unix's are not
susceptible and don't need replacing.
This also brings up the need to use something like fas
https://fedorahosted.org/fas/ which would easily allow users to change their
own passwords and ssh keys. as well as simplify user management and make it
easy to grant access to different hosts.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080515/5cd2506a/attachment.sig>
More information about the Devel
mailing list