
Re: Mass-updating cached hosts keys after ssh security upgrade?



In article <200807211843.31332.jw@mailsw.com> you wrote:
> I've been trying to go through all the known_hosts files manually and update 
> them to give my users a break, but it's a tedious nightmare. Adding to the 
> complexity is that many of the known_hosts files are armored (the hostname/ip 
> address is not in plain text).

What kind of hosts are those? I would add all your machines to all
system-known_hosts and then delete the entries from user files.

The latter can be done with a shell script, and you should ask your users to
run it themselves. Just consisting of a loop, reading the hosts from
/etc/ssh/known_hosts and deleting them via

ssh-keygen -R "$host"

Greetings
Bernd
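
The loop described in the reply above, written out as an added example (not part of the original message). The function names are hypothetical, and the system file is passed as a parameter: the message names /etc/ssh/known_hosts, while OpenSSH's default system-wide file is /etc/ssh/ssh_known_hosts. Because ssh-keygen -R matches hashed entries too, this also clears the "armored" lines in a user's file.

```shell
#!/bin/sh
# Added example: purge entries for centrally managed hosts from a user's
# known_hosts file. File paths are parameters, nothing is site-specific.

# Print each concrete host name or address found in known_hosts file $1,
# one per line. Skipped: comments, @cert-authority/@revoked marker lines,
# hashed entries (|1|...), which cannot be enumerated, and wildcard or
# negated patterns, which do not name a single host.
list_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }
        substr($1, 1, 1) == "@" { next }
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                h = names[i]
                if (substr(h, 1, 1) == "|") continue
                if (index(h, "*") || index(h, "?") || index(h, "!")) continue
                if (!(h in seen)) { seen[h] = 1; print h }
            }
        }' "$1"
}

# Remove every host listed in system file $1 from user file $2
# (default: ~/.ssh/known_hosts). ssh-keygen -R also matches hashed
# entries in the user file and keeps the previous copy as "$2.old".
purge_user_entries() {
    sys=$1
    user=${2:-$HOME/.ssh/known_hosts}
    [ -r "$sys" ] || return 1
    [ -f "$user" ] || return 0          # nothing cached, nothing to do
    list_hosts "$sys" | while IFS= read -r host; do
        # A host the user never connected to is not an error.
        ssh-keygen -R "$host" -f "$user" </dev/null >/dev/null 2>&1 || :
    done
}
```

To use it, source the file and call `purge_user_entries` with the system-wide file as its argument. Entries for hosts that are not in the system file stay in the user's file untouched.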