[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#151617: marked as done (ssh Package Should Not Preemptively Generate Keys)

Your message dated Wed, 21 Jul 2004 10:47:21 -0400
with message-id <E1BnINN-0002X1-00@newraff.debian.org>
and subject line Bug#87946: fixed in openssh 1:3.8.1p1-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Jul 2002 22:40:15 +0000
>From ehem@m5p.com Mon Jul 01 17:40:15 2002
Return-path: <ehem@m5p.com>
Received: from dsl-209-162-215-52.dsl.easystreet.com (southstation.m5p.com) [209.162.215.52] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17P9qA-0004oz-00; Mon, 01 Jul 2002 17:40:15 -0500
Received: from m5p.com (parkstreet.m5p.com [10.100.0.1])
	by southstation.m5p.com (8.12.2/8.12.3) with ESMTP id g61MdWfP066942
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=OK)
	for <submit@bugs.debian.org>; Mon, 1 Jul 2002 15:39:37 -0700 (PDT)
Received: (from ehem@localhost)
	by m5p.com (8.12.3/8.12.3/Submit) id g61MdU7F044349
	for submit@bugs.debian.org; Mon, 1 Jul 2002 15:39:30 -0700 (PDT)
From: Elliott Mitchell <ehem@m5p.com>
Message-Id: <200207012239.g61MdU7F044349@m5p.com>
Subject: ssh Package Should Not Preemptively Generate Keys
To: submit@bugs.debian.org
Date: Mon, 1 Jul 2002 15:39:30 -0700 (PDT)
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Delivered-To: submit@bugs.debian.org

Package: ssh
Version: 1:3.4p1-0.0potato1

When installing the ssh package DSA, and RSA keys are automatically
generated without prompting. Unless such keys are already present this
happens no matter what version of ssh was previously installed.

People may wish to use one and disallow the other (or even V1 only,
ick!), and this behavior interferes with that decision. Further people
may want to use sizes larger than the default. Also perhaps the default
key size for RSA keys generated should be increased due to the threats to
1024 bit RSA (768 is definitly breakable, 1024 is in rather serious
danger)?

I initially got 3.3 when DSA-134-1 came out, during installation RSA and
DSA keys were generated. A much larger RSA key was generated and used to
replace the auto-generated RSA key, my decision was to disable DSA so the
DSA key was deleted. When DSA-134-4 came out I installed 3.4, when I
installed the package the RSA key was left alone, but the package
preemptively generated another DSA key contrary to my wishes.


--
|\__/|\__/|\______          --=> 8-) EHM <=--          ______/|\__/|\__/|
\    |    |       | EHeM@gremlin.m5p.com PGP 8881EF59 |       |    |    /
  \   \   | ______| -O #include <stddisclaimer.h> O-  |______ |   /   /
    \___\_|/82 04 A1 3C C7 B1 37 2A   E3 6E 84 DA 97 4C 40 E6\|_/___/



---------------------------------------
Received: (at 87946-close) by bugs.debian.org; 21 Jul 2004 14:50:11 +0000
>From katie@ftp-master.debian.org Wed Jul 21 07:50:11 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BnIQ7-0000xo-00; Wed, 21 Jul 2004 07:50:11 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BnINN-0002X1-00; Wed, 21 Jul 2004 10:47:21 -0400
From: Colin Watson <cjwatson@debian.org>
To: 87946-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#87946: fixed in openssh 1:3.8.1p1-6
Message-Id: <E1BnINN-0002X1-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 21 Jul 2004 10:47:21 -0400
Delivered-To: 87946-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: openssh
Source-Version: 1:3.8.1p1-6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_3.8.1p1-6_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_3.8.1p1-6_powerpc.udeb
openssh-server-udeb_3.8.1p1-6_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_3.8.1p1-6_powerpc.udeb
openssh_3.8.1p1-6.diff.gz
  to pool/main/o/openssh/openssh_3.8.1p1-6.diff.gz
openssh_3.8.1p1-6.dsc
  to pool/main/o/openssh/openssh_3.8.1p1-6.dsc
ssh-askpass-gnome_3.8.1p1-6_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-6_powerpc.deb
ssh_3.8.1p1-6_powerpc.deb
  to pool/main/o/openssh/ssh_3.8.1p1-6_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 87946@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Jul 2004 15:14:46 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server-udeb
Architecture: source powerpc
Version: 1:3.8.1p1-6
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 87946
Changes: 
 openssh (1:3.8.1p1-6) unstable; urgency=low
 .
   * Implement hack in
     http://lists.debian.org/debian-boot/2004/07/msg01207.html to get
     openssh-client-udeb to show up as a retrievable debian-installer
     component.
   * Generate host keys in postinst only if the relevant HostKey directives
     are found in sshd_config (closes: #87946).
Files: 
 3a4951ee53bb381999fc80b9ef6ef41f 890 net standard openssh_3.8.1p1-6.dsc
 c6331a664acfba30a9854f921c636346 146642 net standard openssh_3.8.1p1-6.diff.gz
 b4296d9c21cdc2f649dab55e6b0f0e9e 732566 net standard ssh_3.8.1p1-6_powerpc.deb
 2dee8ee85610ca328572bcb4c803286c 51998 gnome optional ssh-askpass-gnome_3.8.1p1-6_powerpc.deb
 f93dda645475992804db403bf0c76c0f 151116 debian-installer optional openssh-client-udeb_3.8.1p1-6_powerpc.udeb
 3397bc5f0f8a0b6fc4420441f33eb777 159536 debian-installer optional openssh-server-udeb_3.8.1p1-6_powerpc.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFA/n3d9t0zAhD6TNERAvhPAJwNmrEfHRgQPZrzV49LTN9tu7iZ6gCffzI3
njRQhgmaK/0sB0nM3IQw84Y=
=7emV
-----END PGP SIGNATURE-----
Reply to: