Can you clarify whether keys generated on an XO need to be regenerated or not.
-josh On May 15, 2008, at 6:40 AM, Dennis Gilmore wrote: > On Thursday 15 May 2008, Henry Hardy wrote: >> Debian has published a recent security advisory regarding a >> documented >> weakeness in the Debian openssl key generation procedure: >> >> [DSA 1571-1] New openssl packages fix predictable random number >> generator<http://news.gmane.org/find-root.php?message_id=% >> 3c87od7az9v4.fsf% >> 5f%5f2780.18743633783%241210681384%24gmane%24org% >> 40mid.deneb.enyo.de%3e> >> >> http://article.gmane.org/gmane.linux.debian.security.announce/1614 >> >> Accordingly we are changing the host keys on all Ubuntu and Debian >> systems. >> Users should be prepared to accept the new host keys. >> >> Additionally, ALL USERS MUST generate new private/public keypairs >> using the >> patched ssl-keygen or equivalent (such as putty-keygen) and >> replace the >> public key in their ~/.ssh/authorized_keys file. This applies to >> users with >> accounts on crank, pedal, teach, grinch and all other Debian or >> Ubuntu >> boxes. >> >> If you need help, please open a ticket by emailing >> [EMAIL PROTECTED] with >> your new pub key or a link to it. Please specify which machines on >> which >> you have accounts in the message. >> >> thanks, >> >> --HH. > > users only need to create new keys if you created your key using a > debian > based system. keys generated on Fedora or other linux's or unix's > are not > susceptible and don't need replacing. > > > This also brings up the need to use something like fas > https://fedorahosted.org/fas/ which would easily allow users to > change their > own passwords and ssh keys. as well as simplify user management > and make it > easy to grant access to different hosts. > > > Dennis > _______________________________________________ > Devel mailing list > [email protected] > http://lists.laptop.org/listinfo/devel _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
