[ubuntu-uk] OpenSSL vulnerability
Alan Pope
alan at popey.com
Tue May 13 21:40:37 BST 2008
On Tue, 2008-05-13 at 18:18 +0100, Mac wrote:
> I haven't seen this mentioned here, so in case anyone is affected and
> hasn't seen the advisory...
>
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
>
Here's a good "how to" guide for resolving this:-
http://hantslug.org.uk/lurker/message/20080513.191226.269a6c44.en.html
" As far as I can tell, the best way of fixing your ssh keys is:

- Install the update
- Delete the following files:
    ~/.ssh/id_*
    ~/.ssh/authorized_keys
    /etc/ssh/ssh_host_dsa_key*
    /etc/ssh/ssh_host_rsa_key*
- Generate new host keys:
    sudo dpkg-reconfigure -plow openssh-server
  (Thanks to Adrian for pointing out the easy way)
- Generate new personal keys:
    ssh-keygen -t rsa -b 4096
- Restart the ssh daemon

Do this on all machines. Don't log out after deleting the host keys
(in /etc/ssh) as you won't be able to log back in by ssh.

As a precaution, I've also been regenerating the DH key exchange
moduli, which are kept in /etc/ssh/moduli. That's documented near the
bottom of the ssh-keygen man page.

I haven't looked at the X.509 situation yet.
"
Cheers
Al.
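
A check for the procedure quoted above, as an added example that is not part of the original message or the HantsLUG guide: it lists the key files named in the how-to that have not been modified since a reference file, meaning they were not regenerated. The function name stale_keys, the ROOT and REF arguments, and the /home/*/ and /root/ locations standing in for ~ are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: report SSH key files from the how-to's list that are
# NOT newer than a reference file, i.e. that were not regenerated.
#
# usage: stale_keys ROOT REF
#   ROOT  filesystem root to inspect ("/" on a live machine)   [assumption]
#   REF   any file whose mtime marks when the update went in   [assumption]

stale_keys() {
    root=${1%/}
    ref=$2
    [ -e "$ref" ] || { echo "reference file not found: $ref" >&2; return 2; }

    # Host keys first, then per-user keys and authorized_keys.
    # /home/*/ and /root/ stand in for "~" in the how-to (assumption).
    for f in "$root"/etc/ssh/ssh_host_dsa_key* \
             "$root"/etc/ssh/ssh_host_rsa_key* \
             "$root"/home/*/.ssh/id_* \
             "$root"/home/*/.ssh/authorized_keys \
             "$root"/root/.ssh/id_* \
             "$root"/root/.ssh/authorized_keys
    do
        # Skip unmatched globs and anything that is not a regular file.
        [ -f "$f" ] || continue
        # find prints the path only when it is newer than REF;
        # empty output means the file predates (or equals) REF.
        if [ -z "$(find "$f" -newer "$ref" 2>/dev/null)" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Run directly: sh stale_keys.sh ROOT REF
if [ "$#" -eq 2 ]; then
    stale_keys "$1" "$2"
fi
```

An empty result means every listed file was rewritten after the reference time; any path printed still needs the delete-and-regenerate steps.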