Bug#491263: network-console, etch netinst, openssh
Package: network-console
Version: 1.11
A few issues relating to network-console on etch netinst 4.0r3:
* Keys generated by network-console are found on the blacklist included
with newer versions of openssh-server.
* If network-console is used for a new installation, openssh-server is
installed on the new system, but .broken keys are left lying around in
/etc/ssh.
* Likewise to above, the rsa host key (/etc/ssh/ssh_host_rsa_key.pub)
is found to be on the blacklist, and it appears that it may be the same
rsa key used during installation via network-console.
An 'ls -al *key*' in /etc/ssh on a newly installed system gives
something similar to:
-rw------- 1 root root 668 2008-07-17 07:24 ssh_host_dsa_key
-rw------- 1 root root 668 2008-07-17 07:21 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root 612 2008-07-17 07:24 ssh_host_dsa_key.pub
-rw-r--r-- 1 root root 612 2008-07-17 07:21 ssh_host_dsa_key.pub.broken
-rw------- 1 root root 1675 2008-07-17 07:26 ssh_host_rsa_key
-rw------- 1 root root 1675 2008-07-17 07:21 ssh_host_rsa_key.broken
-rw-r--r-- 1 root root 404 2008-07-17 07:26 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 404 2008-07-17 07:21 ssh_host_rsa_key.pub.broken
Likewise, checking for these keys in the blacklist:
# for key in ssh_host_[rd]sa_key.pub{,.broken}; do grep -q $(ssh-keygen \
-l -f $key | awk '{print $2}' | cut -d: -f7- | tr -d :) blacklist.* \
&& echo "$key is on the blacklist"; done
ssh_host_rsa_key.pub is on the blacklist
ssh_host_dsa_key.pub.broken is on the blacklist
ssh_host_rsa_key.pub.broken is on the blacklist
--
Mike Edwards | If this email address disappears,
Unsolicited advertisements to | assume it was spammed to death. To
this address are not welcome. | reach me in that case, s/-.*@/@/
"Our progress as a nation can be no swifter than our progress in education.
The human mind is our fundamental resource."
-- John F. Kennedy
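
The one-liner in the report above depends on `ssh-keygen -l` printing a colon-separated MD5 fingerprint, while current OpenSSH releases print SHA256 fingerprints by default. As an added example (not part of the original report), the same check in Python derives the MD5 suffix directly from each public key file; the function names, the script name and the one-entry-per-line blacklist layout are assumptions.

```python
import base64
import hashlib
import sys
from pathlib import Path


def blacklist_suffix(pubkey_line):
    """20 hex digits the one-liner greps for: the last 10 bytes of the MD5
    fingerprint of the key blob (what `cut -d: -f7- | tr -d :` keeps)."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)  # wire-format key blob
    return hashlib.md5(blob).hexdigest()[12:]


def load_blacklist(paths):
    """Collect entries from blacklist files, skipping blanks and '#' comments
    (assumed layout: one 20-hex-digit entry per line)."""
    entries = set()
    for path in paths:
        for line in Path(path).read_text().splitlines():
            line = line.strip().lower()
            if line and not line.startswith("#"):
                entries.add(line)
    return entries


def blacklisted_keys(ssh_dir, blacklist_paths):
    """Names of host public keys, .broken leftovers included, whose suffix is
    an exact blacklist entry (the grep in the report matched substrings)."""
    bad = load_blacklist(blacklist_paths)
    hits = []
    for pub in sorted(Path(ssh_dir).glob("ssh_host_*_key.pub*")):
        try:
            suffix = blacklist_suffix(pub.read_text())
        except ValueError:  # also covers malformed base64 (binascii.Error)
            print(f"{pub.name}: not a parsable public key", file=sys.stderr)
            continue
        if suffix in bad:
            hits.append(pub.name)
    return hits


if __name__ == "__main__":
    # Hypothetical usage: check_hostkeys.py /etc/ssh blacklist.*
    ssh_dir = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh"
    for name in blacklisted_keys(ssh_dir, sys.argv[2:]):
        print(f"{name} is on the blacklist")
```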