Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh
On 2008-06-04 16:59:09 +0200, Raphael Hertzog wrote:
> non-default because ssh-keygen does generate 2048 bits keys for
> RSA by default since quite some time and the postinst doesn't
> give an explicit size when it creates the keys.
>
> openssh (1:4.2p1-1) unstable; urgency=low
> [...]
> - Increase the default size of new RSA/DSA keys generated by ssh-keygen
> from 1024 to 2048 bits (closes: #181162).
> [...]
> -- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 15:16:14 +0100
>
> So either this key got installed/generated manually,
I didn't do anything manually concerning the keys.
> or it was generated with an old SSH version running with a bad
> libssl,
I installed the machine on 2008-01-30 (from a CD) then upgraded
to sid. The dpkg log says concerning the upgrades:
2008-01-30 23:49:03 upgrade libssl0.9.8 0.9.8c-4etch1 0.9.8g-4
2008-01-31 00:50:15 upgrade openssh-server 1:4.3p2-9 1:4.7p1-2
2008-01-31 00:50:16 upgrade openssh-client 1:4.3p2-9 1:4.7p1-2
2008-01-31 02:37:51 upgrade openssl 0.9.8c-4etch1 0.9.8g-4
1:4.3p2-9 is older than 1:4.2p1-1, so there's something strange.
> or (unlikely) the key was generated normally and you simply
> happen to have generated one of the bad ones.
>
> I don't think this bug warrants its "grave" status.
But this is very confusing and I didn't know that my RSA key was
compromised, in particular because the DSA key was regenerated.
openssh-server should do at least something to warn the user.
--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Reply to: