Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
From: "John Keimel" <john@keimel.com>
Date: Tue, 13 May 2008 16:38:47 -0400
Message-id: <[🔎] fe374f8d0805131338k285e06b4gb0b5f52c1c9e505a@mail.gmail.com>
In-reply-to: <[🔎] m3fxsmaqul.fsf@neo.luffy.cx>
References: <87od7az9v4.fsf@mid.deneb.enyo.de> <[🔎] m3skwmatou.fsf@neo.luffy.cx> <[🔎] 200805132152.28624.jluehr@gmx.net> <[🔎] fe374f8d0805131321y3302dceclcb1f5763334ecdbe@mail.gmail.com> <[🔎] m3fxsmaqul.fsf@neo.luffy.cx>

On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat <bernat@debian.org> wrote:
> OoO En cette soirée bien amorcée du mardi 13 mai 2008, vers 22:21, "John
>  Keimel" <john@keimel.com> disait:
>
>
>  >> Since some keys are generated automatically, (e.g. ssh host keys) users will
>  >> have to regenerate keys,they haven't generated in the first place and might
>  >> not be aware of their existens.
>  >> That's bad.
>  >>
>
>
>  > The only instructions I've seen for regenerating host keys include
>  > shutting down the sshd server. This is impossible in some servers I
>  > have, so is there another way?
>
>  Restarting OpenSSH do not close existing connections.


Yes, that's correct. I agree.

But the instructions I saw were for 'shutting down the SSHD server' -
not just 'restarting it'.

That's why I asked. I think Ian's suggestion will work just fine for
me though, so I'll give that a go.

Thanks folks.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Vincent Bernat <bernat@debian.org>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Jan Luehr <jluehr@gmx.net>

References:
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Vincent Bernat <bernat@luffy.cx>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Jan Luehr <jluehr@gmx.net>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: "John Keimel" <john@keimel.com>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Previous by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Index(es):
- Date
- Thread