
Bug#491263: network-console, etch netinst, openssh

Package: network-console
Version: 1.11

A few issues relating to network-console on etch netinst 4.0r3:

* Keys generated by network-console are found on the blacklist included
with newer versions of openssh-server.

* If network-console is used for a new installation, openssh-server is
installed on the new system, but .broken keys are left lying around in

* Likewise to above, the rsa host key (/etc/ssh/ssh_host_rsa_key.pub)
is found to be on the blacklist, and it appears that it may be the same
rsa key used during installation via network-console.

An 'ls -al *key*' in /etc/ssh on a newly installed system gives
something similar to:
-rw------- 1 root root  668 2008-07-17 07:24 ssh_host_dsa_key
-rw------- 1 root root  668 2008-07-17 07:21 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root  612 2008-07-17 07:24 ssh_host_dsa_key.pub
-rw-r--r-- 1 root root  612 2008-07-17 07:21
-rw------- 1 root root 1675 2008-07-17 07:26 ssh_host_rsa_key
-rw------- 1 root root 1675 2008-07-17 07:21 ssh_host_rsa_key.broken
-rw-r--r-- 1 root root  404 2008-07-17 07:26 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root  404 2008-07-17 07:21

Likewise, checking for these keys in the blacklist:
# for key in ssh_host_[rd]sa_key.pub{,.broken}; do grep -q $(ssh-keygen \
-l -f $key | awk '{print $2}' | cut -d: -f7- | tr -d :) blacklist.* \
&& echo "$key is on the blacklist"; done
ssh_host_rsa_key.pub is on the blacklist
ssh_host_dsa_key.pub.broken is on the blacklist
ssh_host_rsa_key.pub.broken is on the blacklist

Mike Edwards                    |   If this email address disappears,   
Unsolicited advertisements to   |   assume it was spammed to death.  To
this address are not welcome.   |   reach me in that case, s/-.*@/@/

"Our progress as a nation can be no swifter than our progress in education.
The human mind is our fundamental resource."
  -- John F. Kennedy
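
The blacklist check from the report, as an added example that is not part of the original message: it hashes the key blob directly, so it does not depend on the `ssh-keygen -l` output format, which defaults to SHA256 in current OpenSSH releases. The function names, the constructed demo keys and the use of GNU `base64`/`md5sum` are assumptions of this example.

```shell
#!/bin/sh
# Assumed blacklist format: one entry per line, the lower-case hex MD5 key
# fingerprint without colons and with the first 12 characters dropped
# (the same slice the report takes with `cut -d: -f7-`).

# key_suffix FILE: print the 20-hex-char blacklist form of a public key.
key_suffix() {
    blob=$(awk 'NR == 1 { print $2 }' "$1" 2>/dev/null)
    [ -n "$blob" ] || return 2
    # Reject blobs that are not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    printf '%s' "$blob" | base64 -d | md5sum | cut -c13-32
}

# scan_keys BLACKLIST_DIR KEYFILE...: report each blacklisted key, including
# leftover *.broken copies. Returns 1 if any key is blacklisted, 2 on error.
scan_keys() {
    dir=$1; shift
    ls "$dir"/blacklist.* >/dev/null 2>&1 || { echo "no blacklist files in $dir" >&2; return 2; }
    found=0
    for key in "$@"; do
        suffix=$(key_suffix "$key") || { echo "$key: unreadable, skipped" >&2; continue; }
        # -x: whole-line match, -F: fixed string; '#' comment lines never match.
        if grep -qxF -- "$suffix" "$dir"/blacklist.*; then
            echo "$key is on the blacklist"
            found=1
        fi
    done
    return "$found"
}

# Constructed demo: two fake key blobs and a blacklist listing one of them.
demo() {
    tmp=$(mktemp -d) || return 2
    echo "ssh-rsa $(printf 'constructed-weak-key' | base64) root@demo" > "$tmp/ssh_host_rsa_key.pub.broken"
    echo "ssh-rsa $(printf 'constructed-good-key' | base64) root@demo" > "$tmp/ssh_host_rsa_key.pub"
    { echo "# constructed"; key_suffix "$tmp/ssh_host_rsa_key.pub.broken"; } > "$tmp/blacklist.RSA-2048"
    scan_keys "$tmp" "$tmp"/ssh_host_rsa_key.pub*
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# No arguments: run the demo. Otherwise: scan_keys BLACKLIST_DIR KEYFILE...
case $# in 0) demo || true ;; *) scan_keys "$@" ;; esac
```

Called with a blacklist directory and key files as arguments, it scans those files and exits non-zero when any of them is listed.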
