[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
Hi there.

Since I had the same problem and didn't find a complete solution on the net, I wanted to share my solution with other people having this problem.

The problem is:
I am running a dapper version of Ubuntu. Since some piece of software (e.g. Nagios2) requires a newer version, someone added this to the sources.list (e.g. hardy). Within the installation of the software, it seems that libssl was also updated to a newer version. Since the modified entries in the sources.list were removed immediately, or the updates repository for this version wasn't added, the update isn't executed for the newer version of libssl.

Solution is:
Install the newest openssh-server / openssh-client.
If the key generation does not work, see which libssl version is installed (gutsy, feisty, hardy etc.) and add the corresponding update repository to the sources.list.
Running apt-get update; apt-get install libssl0.9.8 should then update to the latest update version.
Now, key generation should be fine.

I put exactly this procedure (except the SSH installation) into a bash script. Running it solved the problem on all of my machines. Please make sure, if running it, that it only updates libssl0.9.8. If it tells you that it has to remove some stuff, you should think it over again. On all of my machines, it only updated libssl0.9.8 and worked fine.

Have fun

** Attachment added: Script for updating libssl
   http://launchpadlibrarian.net/15194957/update_libssl_version.sh

--
[Gutsy] ssh installation results in COMPROMISED keys
https://bugs.launchpad.net/bugs/230174
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu.

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
First, because you have a custom non-gutsy libssl0.9.8, I think this establishes the non-bugness of this report. I would suggest to the owner of this bug ticket that this be turned into a help request instead.

In response to the rest of the message: the 5ubuntu3.1 version no longer exists in the security repository. If you use the same link, but change the 3.1 to 3.2, it'll work better.

Normally I'd just suggest you apt-get install libssl0.9.8 (without --reinstall), but because you manually upgraded to a non-gutsy version of libssl0.9.8, this is unlikely to work. But yes, try downloading the package as mentioned above, and see if you can install it by hand. It may break some packages, especially the ones that brought in the non-gutsy libssl.

All the best!
[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
** Visibility changed to: Public
[Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
What version of libssl0.9.8 do you have installed? If older than 0.9.8e-5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will continue to generate bad keys. This is irrespective of what version of openssh-server you have, which only adds checks for vulnerable keys, and does not affect key generation.
Re: [Bug 230174] Re: [Gutsy] ssh installation results in COMPROMISED keys
On 05/14/2008 06:23 PM, Chris K. Jester-Young wrote:
> What version of libssl0.9.8 do you have installed? If older than
> 0.9.8e-5ubuntu3.2 (such as if you have 0.9.8e-5ubuntu3) you will
> continue to generate bad keys. This is irrespective of what version
> of openssh-server you have, which only adds checks for vulnerable
> keys, and does not affect key generation.

libssl0.9.8 is 0.9.8.g-4ubuntu2

No idea why my version is the newer, other than perhaps the fact that this machine is a Dapper == Edgy == Feisty == Gutsy updated/upgraded machine and at one point I may have attempted to install a Hardy package that brought it in.

I'll bring in 0.9.8e-5ubuntu3.1 and see if that makes a difference.

Well, via Synaptic the only version is

libssl0.9.8-dbg:
 Depends: libssl0.9.8 (=0.9.8e-5ubuntu3.2) but 0.9.8g-4ubuntu3 is to be installed

So that didn't work. Try again:

http://packages.ubuntu.com/gutsy/i386/libssl0.9.8/download

Not Found
The requested URL /ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8e-5ubuntu3.1_i386.deb was not found on this server.

deb http://security.ubuntu.com/ubuntu gutsy-security main

added, and the result is:

$ sudo apt-get install --reinstall libssl0.9.8
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reinstallation of libssl0.9.8 is not possible, it cannot be downloaded.

Suggestions?
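
An added example, not part of the thread or of the attached script: the libssl0.9.8 version check discussed above, implemented with Debian version ordering and the 0.9.8e-5ubuntu3.2 threshold quoted in the thread. Treating 0.9.8e-5ubuntu* as the gutsy series is an assumption drawn from the version strings quoted here, and all function names are illustrative.

```python
import re

FIXED_GUTSY = "0.9.8e-5ubuntu3.2"     # threshold quoted in the thread
GUTSY_SERIES = ("0.9.8e", "5ubuntu")  # assumption: gutsy builds look like 0.9.8e-5ubuntu*

def split_version(v):
    """Split a Debian version string into (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def char_rank(ch):
    # Debian ordering: '~' first, then end of string, letters, everything else
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = char_rank(na[i:i + 1]), char_rank(nb[i:i + 1])
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_compare(a, b):
    """Full Debian version comparison: epoch, then upstream, then revision."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return compare_part(ua, ub) or compare_part(ra, rb)

def assess(installed):
    """Classify a libssl0.9.8 version against the gutsy threshold."""
    _, upstream, rev = split_version(installed)
    if (upstream, rev[:7]) != GUTSY_SERIES:
        return "foreign"  # not a gutsy build: the gutsy threshold says nothing
    return "vulnerable" if deb_compare(installed, FIXED_GUTSY) < 0 else "fixed"
```

A non-gutsy string such as 0.9.8g-4ubuntu3 sorts above the gutsy threshold in a plain comparison, which is why `assess` checks the series first and reports such a package as "foreign" so it is checked against its own release's security updates.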