Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
From: Steve Suehring <debiansec@braingia.org>
Date: Tue, 13 May 2008 18:10:35 -0500
Message-id: <[🔎] 20080513231035.GA28630@mail.braingia.org>
Mail-followup-to: Steve Suehring <debiansec@braingia.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20080513213525.GA16644@madap.com.ar>
References: <87od7az9v4.fsf@mid.deneb.enyo.de> <[🔎] m3fxsmaqul.fsf@neo.luffy.cx> <[🔎] fe374f8d0805131338k285e06b4gb0b5f52c1c9e505a@mail.gmail.com> <[🔎] 200805132253.26553.jluehr@gmx.net> <[🔎] 20080513213525.GA16644@madap.com.ar>

On Tue, May 13, 2008 at 06:35:25PM -0300, dererk wrote:
> On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:
> > rm /etc/ssh/ssh_host_*
> > ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
> > ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
> > /etc/init.d/ssh restart
> > 
> > -> job done.
> > 
> > Keep smiling
> > yanosz
> 
> Shorter one:
> 
> rm /etc/ssh/ssh_host_*
> dpkg-reconfigure openssh-server

Note that doing either of these will result in host key failures and 
warnings for any clients attempting to connect to you.  This is 
especially bad if you have things like rsync over ssh in a cron job.  
Moral of the story is to remember to update your known_hosts and let 
your users know that their ssh client of choice may bark at them.

Steve
http://www.braingia.org

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: "John Keimel" <john@keimel.com>

References:
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Vincent Bernat <bernat@debian.org>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: "John Keimel" <john@keimel.com>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Jan Luehr <jluehr@gmx.net>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: dererk <dererk@madap.com.ar>

Prev by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Previous by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Index(es):
- Date
- Thread