[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#481519: openssh-server: can not login after update to 4.3p2-9etch1

Package: openssh-server
Version: 1:4.3p2-9etch1
Severity: normal

When the machine was upgraded to 4.3p2-9etch1, the installation script found
that the host key was blacklisted. I reinstalled many times the package but
with no success. Finally I ripped some pieces of the postinst script and I
tried to build the key, at least ten times, with again, no sucess. The keys
were newly created but they always were marked as blacklisted. The result
was that I was not able to login on the machine.

Finally, I put the next line on /etc/ssh/sshd_config:

PermitBlacklistedKeys yes

Now it starts saying the next message, but at least, I can login again:

Host key b5:9c:37:1c:42:ec:7e:ee:47:9e:20:dd:23:29:6b:d0 blacklisted (see ssh-vulnkey(1)); continuing anyway
Host key ec:4d:32:92:f6:0e:4b:0d:2b:b0:6f:32:d1:79:fb:64 blacklisted (see ssh-vulnkey(1)); continuing anyway
Restarting OpenBSD Secure Shell server: sshdHost key
b5:9c:37:1c:42:ec:7e:ee:47:9e:20:dd:23:29:6b:d0 blacklisted (see ssh-vulnkey(1)); continuing anyway
Host key ec:4d:32:92:f6:0e:4b:0d:2b:b0:6f:32:d1:79:fb:64 blacklisted (see ssh-vulnkey(1)); continuing anyway
.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  add 3.102                                Add and remove users and groups
ii  deb 1.5.13                               Debian configuration management sy
ii  dpk 1.13.25                              package maintenance system for Deb
ii  lib 2.3.6.ds1-13etch5                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-8                              MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 1.32-3                               SELinux shared libraries
ii  lib 0.9.8e-4                             SSL shared libraries
ii  lib 7.6.dbs-13                           Wietse Venema's TCP wrappers libra
ii  ope 0.1.1                                list of blacklisted OpenSSH RSA an
ii  ope 1:4.3p2-9etch1                       Secure shell client, an rlogin/rsh
ii  zli 1:1.2.3-13                           compression library - runtime

openssh-server recommends no packages.

-- debconf information:
* ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false
Reply to: