
Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh



severity 481860 normal
thanks

On 2008-06-05 14:33:55 +0200, Raphael Hertzog wrote:
> On Thu, 05 Jun 2008, Vincent Lefevre wrote:
> > I installed the machine on 2008-01-30 (from a CD) then upgraded
> > to sid. The dpkg log says concerning the upgrades:
> 
> What CD? An Etch CD?

Sorry, I mixed it up with the first installation of the machine. When
I wanted to reinstall the machine in 64 bits (amd64), this was done
by the sysadmin (using rsync + scripts to regenerate host-specific
data), and at that time, the keys were in 1024 bits. Then I chose
to administrate the machine myself and upgraded to sid (BTW I'm the
only one in that case, so that no-one can have the same problem as
me here).

So, I'm setting the severity to normal. I think that when upgrading,
openssh-server should detect unknown keys and, the first time an
unknown key is detected, explain the problem to the user and ask him
if he wants to regenerate the key.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)


