
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



Hello,

On Tuesday, 13 May 2008, John Keimel wrote:
> On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat <bernat@debian.org> wrote:
> > OoO On this well-started evening of Tuesday 13 May 2008, around 22:21,
> >  "John Keimel" <john@keimel.com> said:
> >  >> Since some keys are generated automatically, (e.g. ssh host keys)
> >  >> users will have to regenerate keys they haven't generated in the
> >  >> first place and might not be aware of their existence.
> >  >> That's bad.
> >  >
> >  > The only instructions I've seen for regenerating host keys include
> >  > shutting down the sshd server. This is impossible in some servers I
> >  > have, so is there another way?
> >
> >  Restarting OpenSSH does not close existing connections.
>
> Yes, that's correct. I agree.
>
> But the instructions I saw were for 'shutting down the SSHD server' -
> not just 'restarting it'.
>
> That's why I asked. I think Ian's suggestion will work just fine for
> me though, so I'll give that a go.

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

-> job done.

Keep smiling
yanosz
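
The same regeneration as a staged script, added here as an example and not part of the original message: it builds each new key beside the old one, refuses to install it if the fingerprint did not change, and keeps the old public key so users can be told which known_hosts entry to drop. The function names, the staging directory and the `.pub.old` suffix are hypothetical; it assumes the fixed openssl packages from the advisory are already installed and that it runs as root.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the .regen.* staging
# directory and the .pub.old suffix are assumptions made for illustration.
# Usage, as root, after upgrading openssl:
#   for t in dsa rsa; do regen_host_key /etc/ssh "$t"; done
#   /etc/init.d/ssh restart

# Print the fingerprint of a public key file (second field of `ssh-keygen -l`).
fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# regen_host_key DIR TYPE
# Generate a new host key of TYPE in a staging directory inside DIR, verify
# that its fingerprint differs from the current one, then move it into place.
regen_host_key() {
    dir=$1; type=$2
    key="$dir/ssh_host_${type}_key"
    stage=$(mktemp -d "$dir/.regen.XXXXXX") || return 1

    old_fp=""
    if [ -f "$key.pub" ]; then
        old_fp=$(fingerprint "$key.pub")
    fi

    # Empty passphrase, as in the commands quoted in the thread.
    ssh-keygen -q -t "$type" -f "$stage/key" -N '' || { rm -rf "$stage"; return 1; }
    new_fp=$(fingerprint "$stage/key.pub")

    # An unchanged fingerprint means the key was not really replaced.
    if [ -z "$new_fp" ] || [ "$new_fp" = "$old_fp" ]; then
        echo "refusing to install $type key: fingerprint unchanged" >&2
        rm -rf "$stage"
        return 1
    fi

    # Keep only the old public half for reference; the old private key goes.
    if [ -f "$key.pub" ]; then
        mv "$key.pub" "$key.pub.old"
    fi
    rm -f "$key"

    # Same filesystem as DIR, so each mv is a plain rename.
    mv "$stage/key" "$key" && mv "$stage/key.pub" "$key.pub" || return 1
    rmdir "$stage"
    echo "$type: ${old_fp:-none} -> $new_fp"
}
```

Existing sessions survive the restart, but every client will see a host-key-changed warning on its next connection, so publish the new fingerprints printed by the script.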

