[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: where did www.debian.org/security/key-rollover/ go?

Ross Boylan wrote:
> 2) cd /etc/ssh; invoke-rc.d ssh stop; rm *host*; 
> dpkg-reconfigure  --default-priority openssh-server

There's no need to stop ssh. Just
rm /etc/ssh/*host*; dpkg-reconfigure openssh-server

And then go fix all your ~/.authorized_keys files. And also openvpn and
SSL certificates.

BTW, if you're running unstable, a new openssh-sever package will be
available in the next update (in about 8 hours) that automates replacing
weak ssh host keys, and also blocks login attempts using weak keys.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: