Re: Debian still generated bad ssh keys

Sun, 01 Jun 2008 02:41:21 -0700 

I had the same problem (bad keys generated after dist-upgrade),
and I updated my source.list (in a most newbie way, without investigating anything) 
from:

   deb http://mirror.isoc.org.il/pub/debian/ etch main non-free contrib
   deb-src http://mirror.isoc.org.il/pub/debian/ etch main non-free contrib

to:

   deb http://security.debian.org/ etch/updates main
   deb-src http://security.debian.org/ etch/updates main

   deb http://mirror.isoc.org.il/pub/debian etch main contrib
   deb-src http://mirror.isoc.org.il/pub/debian etch main contrib

and dist-upgraded again. That did the trick.
Hope that helps.
--
Ori. (^-^)

Amos Shapira wrote:

(Sent to Noam in private by mistake - sorry Noam)

On Fri, May 16, 2008 at 7:06 PM, Noam Rathaus <[EMAIL PROTECTED]> wrote:

The new ssl and ssh packages don't work if they are given known vulnerable

During upgrade/update they upgrade/replace bad keys


All packages on my Debian Etch desktop are up to date, "vulnkeys"
found old vulnerable keys and I cleaned them up (also from other
systems).

BUT - I can't generate good keys on Debian any more:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ashapira/.ssh/id_rsa):
/home/ashapira/test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ashapira/test.
Your public key has been saved in /home/ashapira/test.pub.
The key fingerprint is:
89:29:fc:c1:b8:fc:f1:db:31:59:5f:ff:34:12:a8:09 [EMAIL PROTECTED]
[EMAIL PROTECTED]:~$ ssh-vulnkey ~/test
COMPROMISED: 2048 89:29:fc:c1:b8:fc:f1:db:31:59:5f:ff:34:12:a8:09
/home/ashapira/test.pub
[EMAIL PROTECTED]:~$

Right now I get around this by generating keys on CentOS systems but
can anyone tell me how to get it (ssh-keygen on Debian) fixed?

Thanks,

--Amos

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]




=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to