Just in case anyone missed it, there's been a major vulnerability for
any SSH keys generated on a debian system over the last two years or
so ... apparently the random number generator wasn't being seeded
right, so only a few distinct keys were actually generated.
The AARNET mirror doesn't have the updated packages as of this
morning, but the Optusnet mirror does ... I suggest that
-- you install the new openssh-client package (version 1:4.7p1-9 on unstable)
-- run ssh-vulnkey -a as root to find any vulnerable keys, and get
your users to fix them.
--
Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au ERTOS within National ICT Australia
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
