On Thursday 15 May 2008, Henry Hardy wrote:
> Debian has published a recent security advisory regarding a documented
> weakness in the Debian openssl key generation procedure:
>
> [DSA 1571-1] New openssl packages fix predictable random number generator
> <http://news.gmane.org/find-root.php?message_id=%3c87od7az9v4.fsf%5f%5f2780.18743633783%241210681384%24gmane%24org%40mid.deneb.enyo.de%3e>
>
> http://article.gmane.org/gmane.linux.debian.security.announce/1614
>
> Accordingly we are changing the host keys on all Ubuntu and Debian systems.
> Users should be prepared to accept the new host keys.
>
> Additionally, ALL USERS MUST generate new private/public keypairs using the
> patched ssl-keygen or equivalent (such as putty-keygen) and replace the
> public key in their ~/.ssh/authorized_keys file. This applies to users with
> accounts on crank, pedal, teach, grinch and all other Debian or Ubuntu
> boxes.
>
> If you need help, please open a ticket by emailing [EMAIL PROTECTED] with
> your new pub key or a link to it. Please specify which machines on which
> you have accounts in the message.
>
> thanks,
>
> --HH.

Users only need to create new keys if they created their keys on a
Debian-based system. Keys generated on Fedora or other Linuxes or Unixes are
not susceptible and don't need replacing.


This also brings up the need to use something like fas
(https://fedorahosted.org/fas/), which would easily allow users to change their
own passwords and SSH keys, as well as simplify user management and make it
easy to grant access to different hosts.


Dennis
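
An added illustration, not part of either message above: one way an administrator could audit an authorized_keys file for keys that appear on a blocklist of known-weak key fingerprints. It assumes the administrator already has such a blocklist as MD5 hex digests of the public-key blobs; the function names, sample keys and blocklist below are constructed for the example.

```python
import base64, binascii, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def parse_key(line):
    """Return (blob, comment) for an authorized_keys line, or None."""
    fields = line.split()
    for i, f in enumerate(fields[:-1]):
        if f not in KEY_TYPES:
            continue  # options such as from="..." may precede the key type
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        # A real blob starts with its own length-prefixed type name.
        if blob.startswith(struct.pack(">I", len(f)) + f.encode()):
            return blob, " ".join(fields[i + 2:])
    return None

def audit(text, weak_md5):
    """List (line number, comment, MD5 hex) for keys on the blocklist."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = parse_key(line)
        if parsed is None:
            continue  # malformed entry: nothing to fingerprint
        fp = hashlib.md5(parsed[0]).hexdigest()
        if fp in weak_md5:
            hits.append((n, parsed[1], fp))
    return hits

def sample_blob(seed):
    # Constructed, structurally valid but unusable ssh-rsa blob.
    s = lambda b: struct.pack(">I", len(b)) + b
    return s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes([seed]) * 32)

SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    "ssh-rsa %s alice@debian-laptop" % base64.b64encode(sample_blob(0xA1)).decode(),
    'from="10.0.0.*",no-pty ssh-rsa %s bob@fedora-box' % base64.b64encode(sample_blob(0xB2)).decode(),
    "ssh-rsa not*base64 broken-entry",
])
WEAK = {hashlib.md5(sample_blob(0xA1)).hexdigest()}  # constructed blocklist

if __name__ == "__main__":
    for n, comment, fp in audit(SAMPLE, WEAK):
        print("line %d (%s): blocklisted key %s" % (n, comment, fp))
```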


_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
