
Re: Mass-updating cached hosts keys after ssh security upgrade?



ssh-keyscan

--On July 21, 2008 6:43:31 PM -0500 JW <jw@mailsw.com> wrote:

Hello,

In the past several weeks I have applied the openssh/openssl updates to
my systems - the updates that fix the random-number-generator weakness.

This has turned into an unexpected nightmare: my users have, between them
all, dozens of cached host keys, and they are nearly unable to work
because every time they turn around they're getting bad-old-cached-key
warnings (REMOTE HOST IDENTIFICATION HAS CHANGED).

I've been trying to go through all the known_hosts files manually and
update them to give my users a break, but it's a tedious nightmare.
Adding to the complexity is that many of the known_hosts files are
armored (the hostname/ip address is not in plain text).

Has anyone come up with a way to read all the cached hosts - all the
~/.ssh/known_hosts entries on a system (or at least per user) and fix
them?

Essentially I need some semi-automated way to fix this since I have many
users' connections to fix still (hundreds if not thousands by the time I
do machines X users X outgoing connections).

Thanks,

	JW






--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
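
An added example, not part of the original thread: one way to rewrite a known_hosts file once the new host keys have been collected (for instance with ssh-keyscan) and checked against fingerprints read on the servers themselves. It handles the "armored" entries from the question, which OpenSSH stores as `|1|salt|HMAC-SHA1(salt, hostname)`, as well as plain ones. The function names, host names and key blobs are constructed for illustration, and plain entries are matched by exact name only (no wildcard or `[host]:port` handling).

```python
import base64, hashlib, hmac, os

def _mac(salt, host):
    return hmac.new(salt, host.encode(), hashlib.sha1).digest()

def hash_host(host, salt=None):
    """Build a HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    salt = salt or os.urandom(20)
    b64 = lambda b: base64.b64encode(b).decode()
    return "|1|%s|%s" % (b64(salt), b64(_mac(salt, host)))

def hashed_match(field, host):
    """True if a hashed host field was derived from this host name."""
    try:
        _, magic, salt, mac = field.split("|")
        salt, mac = base64.b64decode(salt), base64.b64decode(mac)
    except ValueError:          # wrong field count or bad base64
        return False
    return magic == "1" and hmac.compare_digest(_mac(salt, host), mac)

def is_stale(line, hosts):
    """True if a known_hosts line names one of hosts, plain or hashed."""
    fields = line.split()
    if len(fields) < 3 or fields[0][0] in "#@":   # comments and marker lines stay
        return False
    names = fields[0]
    if names.startswith("|1|"):
        return any(hashed_match(names, h) for h in hosts)
    return any(n in hosts for n in names.split(","))

def refresh(text, verified):
    """Drop entries for the hosts in verified, then append their new keys hashed.
    verified maps host name or IP -> "keytype base64key", already checked
    against a fingerprint read on the server itself (assumption of this example)."""
    kept = [l for l in text.splitlines() if not is_stale(l, verified)]
    added = ["%s %s" % (hash_host(h), k) for h, k in sorted(verified.items())]
    return "\n".join(kept + added) + "\n"

# Constructed sample: key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    hash_host("alpha.example.org") + " ssh-rsa AAAA-OLD-ALPHA",
    "beta.example.org,192.0.2.7 ssh-rsa AAAA-OLD-BETA",
    hash_host("gamma.example.org") + " ssh-rsa AAAA-GAMMA",
]) + "\n"
VERIFIED = {"alpha.example.org": "ssh-rsa AAAA-NEW-ALPHA",
            "beta.example.org": "ssh-rsa AAAA-NEW-BETA"}

if __name__ == "__main__":
    print(refresh(SAMPLE, VERIFIED), end="")
```

Hashed files usually hold a separate line for each host's IP address, so the addresses of the rekeyed hosts belong in `verified` alongside their names.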

