
Re: Mass-updating cached hosts keys after ssh security upgrade?

Anno domini 2008 JW scripsit:


> In the past several weeks I have applied the openssh/openssl updates to my 
> systems - the updates that fix the random-number-generator weakness.

> This has turned into an unexpected nightmare: my users have, between them all, 
> dozens of cached host keys, and they are nearly unable to work because every 
> time they turn around they're getting bad-old-cached-key warnings (REMOTE 

> I've been trying to go through all the known_hosts files manually and update 
> them to give my users a break, but it's a tedious nightmare. Adding to the 
> complexity is that many of the known_hosts files are armored (the hostname/ip 
> address is not in plain text).

> Has anyone come up with a way to read all the cached hosts - all the 
> ~/.ssh/known_hosts entries on a system (or at least per user) and fix them?

> Essentially I need some semi-automated way to fix this since I have many 
> users' connections to fix still (hundreds if not thousands by the time I do 
> machines X users X outgoing connections).

Others have already pointed to ways to do this.
When you have finished the cleaning up, you might be interested in 


Comments welcome.

	Follow the white penguin.
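
Added example, not part of the original message or of OpenSSH: a sketch of pruning stale entries from a known_hosts file when the host names are hashed, as the question describes. It assumes the OpenSSH HashKnownHosts form `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`; the host names, salts and key blobs are constructed, and `host_matches`, `prune` and `hashed_field` are hypothetical helper names.

```python
import base64
import hashlib
import hmac


def hashed_field(host, salt):
    """Build a hashed host field (used here only to construct the sample)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(field, host):
    """True if the first known_hosts field names `host`, hashed or plain."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            mac = base64.b64decode(mac_b64)
        except ValueError:  # malformed hashed field: never matches
            return False
        digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(digest, mac)
    # Plain form: comma-separated names/addresses (wildcards not handled).
    return host in field.split(",")


def prune(text, stale_hosts):
    """Return (kept_text, removed_lines) after dropping stale host entries."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split()
        # Blank lines, comments and @marker lines are left untouched.
        if not fields or fields[0].startswith(("#", "@")):
            kept.append(line)
        elif any(host_matches(fields[0], h) for h in stale_hosts):
            removed.append(line)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed sample",
    "web1.example.org,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDER1",
    hashed_field("db1.example.org", b"constructed-salt-001") + " ssh-rsa AAAAB3PLACEHOLDER2",
    hashed_field("mail.example.org", b"constructed-salt-002") + " ssh-rsa AAAAB3PLACEHOLDER3",
]) + "\n"

if __name__ == "__main__":
    kept, removed = prune(SAMPLE, ["db1.example.org", "192.0.2.10"])
    print("removed %d entries, kept:\n%s" % (len(removed), kept))
```

Because the salt differs per entry, a hashed file cannot be listed by host name; each entry has to be tested against the names whose keys changed. For a single file and host, `ssh-keygen -R hostname` performs the same removal.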
