
Bug#481519: openssh-server: can not login after update to 4.3p2-9etch1



Rafael Jesus Alcantara Perez <sistemas@dedaloingenieros.com> writes:

> When the machine was upgraded to 4.3p2-9etch1, the installation script
> found that the host key was blacklisted. I reinstalled the package
> many times but with no success. Finally I ripped some pieces of the
> postinst script and I tried to build the key, at least ten times,
> again with no success. The keys were newly created but they always were
> marked as blacklisted. The result was that I was not able to login on
> the machine.

[...]

> ii  lib 0.9.8e-4                             SSL shared libraries

You're still running a vulnerable version of OpenSSL, which means that you
still have the problem that the security updates are trying to fix.  The
reason why your newly generated keys are blacklisted is because they're
still bad, so your system is still vulnerable right now.

It looks from that version like you have a mixed testing (or unstable) and
stable system, which is why the dependency that is supposed to force this
didn't work.

As soon as possible, you need to either downgrade your libssl0.9.8 package
to 0.9.8c-4etch3 or upgrade to at least 0.9.8g-9.  Then run
dpkg-reconfigure openssh-server, which will regenerate your host keys
again, and you should then have secure host keys.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
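
The mixed-release situation described in the reply above, as an added example (not part of the original message or of any Debian package script): it uses `dpkg --compare-versions` to show that `0.9.8e-4` sorts above the stable fix `0.9.8c-4etch3` yet below `0.9.8g-9`. The plain `>=` form of the dependency, the function names and the verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a libssl0.9.8 version against the two fixed
# versions named in the message above.
STABLE_FIXED="0.9.8c-4etch3"     # from the message
UNSTABLE_FIXED="0.9.8g-9"        # from the message

# Assumed form of a package dependency: a plain ">= stable fix" relation.
# The message does not quote the real dependency line.
dep_satisfied() {
    dpkg --compare-versions "$1" ge "$STABLE_FIXED"
}

# Check that follows the message literally: acceptable only if the version
# is the stable fix itself or at least the unstable fix. Versions the
# message does not name (for example later stable revisions) are reported
# as unfixed here and need checking by hand.
libssl_fixed() {
    dpkg --compare-versions "$1" eq "$STABLE_FIXED" ||
        dpkg --compare-versions "$1" ge "$UNSTABLE_FIXED"
}

# Print one verdict for a version string.
classify() {
    if libssl_fixed "$1"; then
        echo "fixed"
    elif dep_satisfied "$1"; then
        echo "unfixed-but-satisfies-dependency"
    else
        echo "unfixed"
    fi
}

# Report on the installed package, if there is one.
if ver=$(dpkg-query -W -f='${Version}' libssl0.9.8 2>/dev/null) && [ -n "$ver" ]; then
    echo "libssl0.9.8 $ver: $(classify "$ver")"
fi
```

A verdict of `unfixed-but-satisfies-dependency` is the case in this report: the version ordering alone accepts the package, so the installed version has to be compared against both fixed versions before the host keys are regenerated.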


