
Frustration with random number generator vuln and ssh



Hi everyone,

If I am sending this to the wrong list please let me know! I have a server, details below, that I've updated to address the ssl random number generator issue, but after generating the new ssh_host_rsa and ssh_host_dsa keys, ssh still complains they're still vulnerable. I would _REALLY_ appreciate some advice on this issue or a pointer of where to go.

Here's the server details:

/etc/apt/source.list
---------------------
deb http://mirrors.kernel.org/debian/ etch main
deb-src http://mirrors.kernel.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

Ran the following:
-------------------
apt-get --reinstall install openssh-server openssh-blacklist openssl

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

/etc/init.d/ssh restart (obfuscated)
Host key XX:50:XX:6f:XX:b6:XX:ff:XX:87:XX:38:XX:0c:XX:cc blacklisted (see ssh-vulnkey(1))
Host key 20:XX:4c:XX:0d:XX:XX:2b:XX:b7:XX:dc:XX:4c:1a:25 blacklisted (see ssh-vulnkey(1))
Restarting OpenBSD Secure Shell server: sshdHost key XX:50:XX:6f:XX:b6:XX:ff:XX:87:XX:38:XX:0c:XX:cc blacklisted (see ssh-vulnkey(1))
Host key 20:XX:4c:XX:0d:XX:XX:2b:XX:b7:XX:dc:XX:4c:1a:25 blacklisted (see ssh-vulnkey(1))

-------------------------------------------------

One issue I've noticed. When I try and run apt-get --reinstall libssl0.9.8 I get the following
Reading package lists... Done
Building dependency tree... Done
Reinstallation of libssl0.9.8 is not possible, it cannot be downloaded.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

apt-get install libssl0.9.8
Reading package lists... Done
Building dependency tree... Done
libssl0.9.8 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
-------------------------------------------------

apt-get install libssl-dev
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
libssl-dev: Depends: libssl0.9.8 (= 0.9.8c-4etch3) but 0.9.8e-4 is to be installed
E: Broken packages
-------------------------------------------------

So I ran apt-cache to see what I could discern
apt-cache policy libssl-dev libssl0.9.8
libssl-dev:
 Installed: (none)
 Candidate: 0.9.8c-4etch3
 Version table:
    0.9.8c-4etch3 0
       500 http://security.debian.org etch/updates/main Packages
    0.9.8c-4etch1 0
       500 http://mirrors.kernel.org etch/main Packages
libssl0.9.8:
 Installed: 0.9.8e-4
 Candidate: 0.9.8e-4
 Version table:
*** 0.9.8e-4 0
       100 /var/lib/dpkg/status
    0.9.8c-4etch3 0
       500 http://security.debian.org etch/updates/main Packages
    0.9.8c-4etch1 0
       500 http://mirrors.kernel.org etch/main Packages




What am I doing wrong here?

--Jim
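
An added example, not part of the original post: the `apt-cache policy` output in the message shows `libssl0.9.8` installed at 0.9.8e-4, a version listed only under `/var/lib/dpkg/status` and still selected as the candidate, so the 0.9.8c-4etch3 build from etch/updates is not the one installed. The script below parses that output and reports such packages; the function names `orphaned_versions` and `sample_policy` are made up for this example.

```sh
#!/bin/sh
# Added example (not from the post): list packages whose installed version
# is offered by no configured repository, i.e. it appears in the version
# table only under /var/lib/dpkg/status.

# Reads `apt-cache policy` output on stdin, prints "package version".
orphaned_versions() {
    awk '
        function report() {
            if (pkg != "" && inst != "" && inst != "(none)" && !(inst in repo))
                print pkg, inst
        }
        /^[^ ]+:$/ {                      # package header, e.g. "libssl0.9.8:"
            report()
            pkg = substr($0, 1, length($0) - 1)
            inst = ""; ver = ""; split("", repo)
            next
        }
        $1 == "Installed:" { inst = $2; next }
        $1 == "Candidate:" || $1 == "Version" { next }
        $1 == "***" { ver = $2; next }    # table entry for the installed version
        $1 ~ /^[0-9]+$/ && ($2 ~ /^\// || $2 ~ /:\/\//) {
            # source line: "<priority> <URL or path> ..."
            if ($2 != "/var/lib/dpkg/status") repo[ver] = 1
            next
        }
        NF == 2 { ver = $1 }              # table entry: "<version> <pin>"
        END { report() }
    '
}

# Sample input: the libssl0.9.8 stanza copied from the post above.
sample_policy() {
    cat <<'EOF'
libssl0.9.8:
 Installed: 0.9.8e-4
 Candidate: 0.9.8e-4
 Version table:
*** 0.9.8e-4 0
       100 /var/lib/dpkg/status
    0.9.8c-4etch3 0
       500 http://security.debian.org etch/updates/main Packages
    0.9.8c-4etch1 0
       500 http://mirrors.kernel.org etch/main Packages
EOF
}

sample_policy | orphaned_versions
```

On a live system the same function can be fed directly, for example `apt-cache policy libssl0.9.8 openssl | orphaned_versions`.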


