OpenSSH server host keys

  • cinder
Posted: Sat, 01/03/2009 - 08:02
Hello! I got this message whilst updating my studio64 2.1 desktop with synaptic the other day...

Some of the OpenSSH server host keys on this system were generated with a version of OpenSSL that had a broken random number generator. As a result, these host keys are from a well-known set, are subject to brute-force attacks, and must be regenerated.

Users of this system should be informed of this change, as they will be prompted about the host key change the next time they log in. Use 'ssh-keygen -l -f HOST_KEY_FILE' after the upgrade has changed to print the fingerprints of the new host keys.

The affected host keys are:

/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key

User keys may also be affected by this problem. The 'ssh-vulnkey' command may be used as a partial test for this. See /usr/share/doc/openssh-server/README.compromised-keys.gz for more details.

... has anybody seen this before? It says in the README that came with the update package that was installed that it applies to all Debian-derived systems including Ubuntu, but nothing has come up on my Debian Etch laptop. I ran ssh_vulnkey and it said there were no blacklisted keys. Should I be concerned about this?
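Added example, not part of the original thread: what the fingerprint and blacklist checks named in the upgrade notice compute, starting from a public key line. The function names, the toy key values and the blacklist are constructed here, and the blacklist entry format (last 20 hex characters of the MD5 fingerprint) is an assumption about the Debian blacklist files, not something stated in the post.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_rsa_pub_line(n: int, comment: str, e: int = 65537) -> str:
    """Build a .pub line from a (toy) modulus; mpints carry a sign byte."""
    mpint = lambda v: ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def parse_pub_line(line: str) -> bytes:
    """Return the decoded key blob, rejecting malformed or mislabelled lines."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != fields[0].encode():
        raise ValueError("key type in blob does not match the line prefix")
    return blob

def fingerprints(blob: bytes) -> tuple[str, str]:
    """(legacy MD5 colon-hex, SHA256 base64) over the raw key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def is_blacklisted(blob: bytes, blacklist: set[str]) -> bool:
    """Assumed entry format: last 20 hex chars of the MD5 fingerprint."""
    return hashlib.md5(blob).hexdigest()[12:] in blacklist

# Constructed sample keys (toy moduli, not real keys).
WEAK_LINE = make_rsa_pub_line(0xC0FFEE1234567890ABCDEF, "constructed-weak")
FRESH_LINE = make_rsa_pub_line(0xFEEDFACE0987654321FEDCBB, "constructed-fresh")
# Constructed blacklist holding only the "weak" sample key.
BLACKLIST = {hashlib.md5(parse_pub_line(WEAK_LINE)).hexdigest()[12:]}

if __name__ == "__main__":
    for line in (WEAK_LINE, FRESH_LINE):
        blob = parse_pub_line(line)
        status = "COMPROMISED" if is_blacklisted(blob, BLACKLIST) else "not listed"
        print(status, *fingerprints(blob), line.split()[2])
```

A lookup like this only recognises keys whose fingerprints are in the list it is given, which is why the notice calls the test partial.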


  • Quentin Harley
  • 05/24/07
  • Sat, 01/03/2009 - 08:17
This was fixed in an update to 64 Studio a long time ago... No need to fret.

Cheers,
Q