[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
NoOp
glgxg at sbcglobal.net
Thu May 15 03:29:45 BST 2008
On 05/14/2008 06:23 PM, Chris K. Jester-Young wrote:
> What version of libssl0.9.8 do you have installed? If older than 0.9.8e-
> 5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will continue to
> generate bad keys. This is irrespective of what version of openssh-
> server you have, which only adds checks for vulnerable keys, and does
> not affect key generation.
>
libssl0.9.8 is 0.9.8.g-4ubuntu2
No idea why my version is the newer, other than perhaps the fact that
this machine is a Dapper ==> Edgy ==> Fiesty ==> Gutsy updated/upgraded
machine and at one point I may have attempted to install a Hardy package
that brought it in.
I'll bring in 0.9.8e-5ubutu3.1 and see if that makes a difference....
Well via Synaptic the only version is
libssl0.9.8-dbg:
Depends: libssl0.9.8 (=0.9.8e-5ubuntu3.2) but 0.9.8g-4ubuntu3 is to be
installed
So that didn't work. Try again:
http://packages.ubuntu.com/gutsy/i386/libssl0.9.8/download
====
Not Found
The requested URL
/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb was
not found on this server.
====
deb http://security.ubuntu.com/ubuntu gutsy-security main
added, and the result is:
$ sudo apt-get install --reinstall libssl0.9.8
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reinstallation of libssl0.9.8 is not possible, it cannot be downloaded.
Suggestions?
--
[Gutsy] ssh installation results in COMPROMISED keys
https://bugs.launchpad.net/bugs/230174
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list