Hi,
Mario 'BitKoenig' Holbe wrote:
> Kurt Roeckx <[EMAIL PROTECTED]> wrote:
>> So my question is, does either the ssh client or server use openssl
>> to generate the random number used to sign?
>
> Yes, they both do.
> ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
> goes down to ssleay_rand_add() (via
> dsa_sign_setup()->BN_rand_range()->RAND_add()->RAND_SSLeay()).
> And ssh_dss_sign(), in turn, is used via key_sign() in the ssh server
> as well as the client.
Okay, if we updated (on stable):
openssl_0.9.8c-4etch3_i386.deb
libssl0.9.8_0.9.8c-4etch3_i386.deb
Then re-generated all keys and certificates.....
Later we get these updates:
openssh-blacklist_0.1.1_all.deb
ssh_1%3a4.3p2-9etch1_all.deb
openssh-server_1%3a4.3p2-9etch1_i386.deb
openssh-client_1%3a4.3p2-9etch1_i386.deb
So, do we need to re-generate keys and certs again now or will they be fine?
The tests against the certs seem to be fine, but I want to be sure that the
later updates were not required for the re-generation to be worthwhile.
Kind Regards
AndrewM
Andrew McGlashan