Weak host-keys are not replaced during openssh update

[NoOp]

On 05/13/2008 01:04 PM, Bob Cortez wrote:
>  $ sudo ssh-vulnkey -a
> 
>> Not blacklisted: 2048 09:c4:3f:72:c2:e4:44:22:e2:46:5f:93:b0:c7:c4:b4
>> /etc/ssh/ssh_host_rsa_key.pub
>> Not blacklisted: 1024 74:8e:0c:ac:d3:0e:07:05:2f:3b:89:2b:ab:bd:19:6a
>> /etc/ssh/ssh_host_dsa_key.pub
>>
> 
> As usual, I have no clue what that means.

Neither do I, but _think_ it means you are ok and that your keys are not
in the ssh blacklist.

I have/had several that showed: COMPROMISED: blah

So it's going to take me a while to figure out how to clean everything
out, regen, etc.

> 
> I have my update manager set to automatically install security updates. Had
> a number of them this morning that required a restart.  Where can I find the
> log of what was installed and if this problem has been addressed with the
> auto update?

Go to Synaptic (System|Administration|Synaptic...|File|History|May 2008|day
That will show you what was upgraded/installed on that day.