Weak host-keys are not replaced during openssh update
news at pointerstop.ca
Tue May 20 01:26:50 UTC 2008
Mario Vukelic wrote:
> On Tue, 2008-05-13 at 20:49 +0200, Mario Vukelic wrote:
>> Maybe this: <snip>
> Um, probably not.
> Upon reflection I think that the upgrade does not replace any keys at
> all. You need to do that yourself. At least that#s what the Debian
> announcement says:
> "It is strongly recommended that all cryptographic key material which
> has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch."
I got a prompt when I installed that seemed to replace some keys. I then
ran ssh-vulnkey to find the others and deleted all the ones that were
obsolete anyway, and now don't have any that are actually known to be
compromised (though there are still a couple of "unknown"s).
More information about the ubuntu-users