Sorry, another question..

openssh-server checks for weak keys and offers to replace them. But what if you have a strong DSA host key, and have been using the broken libssl for years? My understanding (from IRC, possibly very flawed) is that this effectively exposed the DSA host key to brute-forcing. So that key should also probably be replaced.

Having ssh handle one case but not the other on upgrade could lead to a false sense of security..

--
see shy jo