à bientôt, Xavier [EMAIL PROTECTED] 09 54 06 16 26
Le Wednesday 14 May 2008 14:56:12 Xavier Brochard, vous avez écrit : > Le Wednesday 14 May 2008 14:49:56 Klaus Ade Johnstad, vous avez écrit : > > Onsdag 14 mai 2008 14:36, skrev Xavier Brochard: > > > Hi list > > > > > > I've found a grave bug in the security update of openssl and openssh > > > in Ubuntu feisty/gutsy/hardy (guess Debian is affecte also): > > > after the update, ldm login doesn't work any more: the key on the > > > server is changed. Users can't connect. > > > > > > I didn't investigate yet. > > > This is just to advice to not do the update. > > > > > > Several of my servers were automaticaly updated this morning. > > > Fortunatly I allways keep one server with different update timing. > > > > > > More on this later. > > > I guess that this debian security information is related: > > > http://www.us.debian.org/security/2008/dsa-1571 > > > > I would guess that you need to run ltsp-update-sshkeys afterwards, or? > > I tried, it change nothing. > ltsp-update-sshkeys is used when something is change on the client > > The security update change the key of the server (see the security advices > on debian.org and ubuntu.com) > > I'm not sure if downgrading packages will change something. The chroot contains a /etc/ssh/ssh_known_hosts file I'm quite sure that it contains the server keys. Does anyone knows how to update this file ? Xavier ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
