Weak host-keys are not replaced during openssh update
glgxg at sbcglobal.net
Tue May 13 19:48:07 UTC 2008
On 05/13/2008 11:49 AM, Mario Vukelic wrote:
> On Tue, 2008-05-13 at 20:35 +0200, Markus Schönhaber wrote:
>> On two of the Gutsy servers I administer the weak host keys remain in
>> place after
>> aptitude update
>> aptitude safe-upgrade
>> and I am not prompted anything during the upgrade either.
>> Anyone else seeing this?
> Maybe this:
> Ubuntu Security Notice USN-612-2 May 13, 2008
> openssh vulnerability
> CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1
> "Once the update is applied, weak user keys will be automatically
> rejected where possible (though they cannot be detected in all
> cases). If you are using such keys for user authentication,
> they will immediately stop working and will need to be replaced
> (see step 3)."
Probably worth posting:
USN-612-3: OpenVPN vulnerability
USN-612-2: OpenSSH vulnerability
USN-612-1: OpenSSL vulnerability
$ sudo ssh-vulnkey -a
checks all keys on the system.
More information about the ubuntu-users