Re: ssh-keygen still gives vulnerable keys

2008-06-04 Thread Dan Christensen
"s. keeling" <[EMAIL PROTECTED]> writes: > I don't use *buntu myself, but I've no problem with *buntu users > seeking Debian answers here. Just to clarify: the original poster was a *Debian* user. I simply was reporting that the same thing happened on Ubuntu, so this was not restricted to a si

Re: ssh-keygen still gives vulnerable keys

2008-06-04 Thread Dmitry Nedospasov
I use both debian and ubuntu, but the ubuntu lists are quite good as well, so ubuntu users should stick to that for ubuntu question IMHO. P.S. thanks to all the people who found the vulnerability and made the fix. It was much more painless than i thought. D. On Jun 5, 2008, at 01:51, s. ke

Re: ssh-keygen still gives vulnerable keys

2008-06-04 Thread s. keeling
Harrison Conlin <[EMAIL PROTECTED]>: > On Wed, Jun 4, 2008 at 10:58 AM, Dan Christensen <[EMAIL PROTECTED]> wrote: > > I had this problem with a completely up-to-date Ubuntu gutsy install on > > > > I can't reproduce this now, as I have since upgraded the machine to > > hardy, which doesn't show t

Re: ssh-keygen still gives vulnerable keys

2008-06-03 Thread Harrison Conlin
On Wed, Jun 4, 2008 at 10:58 AM, Dan Christensen <[EMAIL PROTECTED]> wrote: > I had this problem with a completely up-to-date Ubuntu gutsy install on > a MacBook Pro. Every time I ran ssh-keygen, the keys were reported as > vulnerable. On two other up-to-date gutsy machine, I didn't have this > p

Re: ssh-keygen still gives vulnerable keys

2008-06-03 Thread Dan Christensen
"R. W. Rodolico" <[EMAIL PROTECTED]> writes: > Performing the update (including the openssh server and client) did not > fix the problem and, ssh-vulnkey still reported the host keys and the > key used for backup as vulnerable. I had this problem with a completely up-to-date Ubuntu gutsy install

Re: ssh-keygen still gives vulnerable keys

2008-06-03 Thread Stephen Gran
This one time, at band camp, R. W. Rodolico said: > Any ideas on why ssh-keygen would continue to create vulnerable keys > after the update? Because you upgraded openssl but not libssl? Almost every time someone has reported this, that's been the cause. -- --

ssh-keygen still gives vulnerable keys

2008-06-03 Thread R. W. Rodolico
I found that one of our clients servers had not been updated in almost a year, so I updated it. This included the recent fixes to the ssh problem. The reason for the service call was that it was not backing up to its backup server, which happens as an rsync over ssh cron job. Performing the update