Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-06-05 Thread Vincent Lefevre
On 2008-06-04 16:59:09 +0200, Raphael Hertzog wrote: non-default because ssh-keygen does generate 2048 bits keys for RSA by default since quite some time and the postinst doesn't give an explicit size when it creates the keys. openssh (1:4.2p1-1) unstable; urgency=low [...] - Increase

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-06-05 Thread Raphael Hertzog
On Thu, 05 Jun 2008, Vincent Lefevre wrote: I installed the machine on 2008-01-30 (from a CD) then upgraded to sid. The dpkg log says concerning the upgrades: What CD? An Etch CD? 2008-01-30 23:49:03 upgrade libssl0.9.8 0.9.8c-4etch1 0.9.8g-4 2008-01-31 00:50:15 upgrade openssh-server

Processed: Re: Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-06-05 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: severity 481860 normal Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh Severity set to `normal' from `grave' thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-06-05 Thread Vincent Lefevre
severity 481860 normal thanks On 2008-06-05 14:33:55 +0200, Raphael Hertzog wrote: On Thu, 05 Jun 2008, Vincent Lefevre wrote: I installed the machine on 2008-01-30 (from a CD) then upgraded to sid. The dpkg log says concerning the upgrades: What CD? An Etch CD? Sorry, I mixed up with

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-06-04 Thread Raphael Hertzog
On Mon, 19 May 2008, Vincent Lefevre wrote: On another Debian machine, I can see that ssh-vulnkey outputs Unknown (no blacklist information) for the RSA key, probably because openssh-blacklist-extra isn't installed on this machine. The description field of openssh-blacklist-extra says: list

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-05-19 Thread Colin Watson
On Mon, May 19, 2008 at 04:28:46AM +0200, Vincent Lefevre wrote: When I upgraded openssh-server, ssh_host_dsa_key has been replaced because it was compromised, but not ssh_host_rsa_key, but this one was compromised too! What does 'grep -i hostkey /etc/ssh/sshd_config' say? -- Colin Watson

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-05-19 Thread Vincent Lefevre
On 2008-05-19 07:26:29 +0100, Colin Watson wrote: On Mon, May 19, 2008 at 04:28:46AM +0200, Vincent Lefevre wrote: When I upgraded openssh-server, ssh_host_dsa_key has been replaced because it was compromised, but not ssh_host_rsa_key, but this one was compromised too! What does 'grep -i

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-05-19 Thread Vincent Lefevre
On 2008-05-19 10:35:58 +0200, Vincent Lefevre wrote: On 2008-05-19 07:26:29 +0100, Colin Watson wrote: On Mon, May 19, 2008 at 04:28:46AM +0200, Vincent Lefevre wrote: When I upgraded openssh-server, ssh_host_dsa_key has been replaced because it was compromised, but not ssh_host_rsa_key,

Bug#481860: openssh-server upgrade didn't remove all compromised keys from /etc/ssh

2008-05-18 Thread Vincent Lefevre
Package: openssh-server Version: 1:4.7p1-10 Severity: grave Tags: security Justification: user security hole When I upgraded openssh-server, ssh_host_dsa_key has been replaced because it was compromised, but not ssh_host_rsa_key, but this one was compromised too! $ ll /etc/ssh -rw-r--r-- 1 root