(Sent to Noam in private by mistake - sorry Noam) On Fri, May 16, 2008 at 7:06 PM, Noam Rathaus <[EMAIL PROTECTED]> wrote: > The new ssl and ssh packages don't work if they are given known vulnerable > > During upgrade/update they upgrade/replace bad keys
All packages on my Debian Etch desktop are up to date, "vulnkeys" found old vulnerable keys and I cleaned them up (also from other systems). BUT - I can't generate good keys on Debian any more: $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ashapira/.ssh/id_rsa): /home/ashapira/test Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ashapira/test. Your public key has been saved in /home/ashapira/test.pub. The key fingerprint is: 89:29:fc:c1:b8:fc:f1:db:31:59:5f:ff:34:12:a8:09 [EMAIL PROTECTED] [EMAIL PROTECTED]:~$ ssh-vulnkey ~/test COMPROMISED: 2048 89:29:fc:c1:b8:fc:f1:db:31:59:5f:ff:34:12:a8:09 /home/ashapira/test.pub [EMAIL PROTECTED]:~$ Right now I get around this by generating keys on CentOS systems but can anyone tell me how to get it (ssh-keygen on Debian) fixed? Thanks, --Amos ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
