[ale] Debian Security Advisory...
Jim Philips
philips_jim at bellsouth.net
Wed May 14 06:07:44 EDT 2008
On Wednesday 14 May 2008 02:04:07 am Brian Pitts wrote:
> Jim Popovitch wrote:
> > Further to all this (and top posted to gain maximum attention), Debian
> > and Ubuntu users need to MANUALLY regenerate ssh HOST keys
> > (/etc/ssh/ssh_host_*key*)
>
> I don't think Ubuntu users do. After applying the updates to Ubuntu 7.10
>
> /etc/ssh$ ls -l
> total 4224
> -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.DSA-1024
> -rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.RSA-2048
> -rw-r--r-- 1 root root 132777 2007-07-30 06:16 moduli
> -rw-r--r-- 1 root root 1532 2007-07-30 06:16 ssh_config
> -rw-r--r-- 1 root root 1872 2007-11-29 03:58 sshd_config
> -rw------- 1 root root 672 2008-05-13 23:34 ssh_host_dsa_key
> -rw------- 1 root root 672 2007-09-27 23:01 ssh_host_dsa_key.broken
> -rw-r--r-- 1 root root 601 2008-05-13 23:34 ssh_host_dsa_key.pub
> -rw-r--r-- 1 root root 601 2007-09-27 23:01 ssh_host_dsa_key.pub.broken
> -rw------- 1 root root 1675 2008-05-13 23:34 ssh_host_rsa_key
> -rw------- 1 root root 1675 2007-09-27 23:01 ssh_host_rsa_key.broken
> -rw-r--r-- 1 root root 393 2008-05-13 23:34 ssh_host_rsa_key.pub
> -rw-r--r-- 1 root root 393 2007-09-27 23:01 ssh_host_rsa_key.pub.broken
I don't think Hardy Heron users do either...if they update today. This
morning, I was greeted to updates on everything related to SSL host keys. The
update included a black list.
More information about the Ale
mailing list