Hi,

Mario 'BitKoenig' Holbe wrote:
> Kurt Roeckx <kurt@roeckx.be> wrote:
>> So my question is, does either the ssh client or server use openssl to
>> generate the random number used to sign?
>
> Yes, they both do. ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign()
> which finally goes down to ssleay_rand_add() (via
> dsa_sign_setup()->BN_rand_range()->RAND_add()->RAND_SSLeay()).
> And ssh_dss_sign(), in turn, is used via key_sign() in the ssh server as
> well as the client.

Okay, if we updated (on stable):

openssl_0.9.8c-4etch3_i386.deb
libssl0.9.8_0.9.8c-4etch3_i386.deb

Then re-generated all keys and certificates.....

Later we get these updates:

openssh-blacklist_0.1.1_all.deb
ssh_1%3a4.3p2-9etch1_all.deb
openssh-server_1%3a4.3p2-9etch1_i386.deb
openssh-client_1%3a4.3p2-9etch1_i386.deb

So, do we need to re-generate keys and certs again now or will they be fine?

The tests against the certs seem to be fine, but I want to be sure that the later updates were not required for the re-generation to be worthwhile.

Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827
Fax: 03 9012 2178
National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net.au

In Case of Emergency -- http://www.affinityvision.com.au/ice.html