[ale] Debian Security Advisory...
Brian Pitts
brian at polibyte.com
Wed May 14 02:04:07 EDT 2008
Jim Popovitch wrote:
> Further to all this (and top posted to gain maximum attention), Debian
> and Ubuntu users need to MANUALLY regenerate ssh HOST keys
> (/etc/ssh/ssh_host_*key*)
I don't think Ubuntu users do. After applying the updates to Ubuntu 7.10
/etc/ssh$ ls -l
total 4224
-rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.DSA-1024
-rw-r--r-- 1 root root 2064867 2008-05-13 08:10 blacklist.RSA-2048
-rw-r--r-- 1 root root 132777 2007-07-30 06:16 moduli
-rw-r--r-- 1 root root 1532 2007-07-30 06:16 ssh_config
-rw-r--r-- 1 root root 1872 2007-11-29 03:58 sshd_config
-rw------- 1 root root 672 2008-05-13 23:34 ssh_host_dsa_key
-rw------- 1 root root 672 2007-09-27 23:01 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root 601 2008-05-13 23:34 ssh_host_dsa_key.pub
-rw-r--r-- 1 root root 601 2007-09-27 23:01 ssh_host_dsa_key.pub.broken
-rw------- 1 root root 1675 2008-05-13 23:34 ssh_host_rsa_key
-rw------- 1 root root 1675 2007-09-27 23:01 ssh_host_rsa_key.broken
-rw-r--r-- 1 root root 393 2008-05-13 23:34 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 393 2007-09-27 23:01 ssh_host_rsa_key.pub.broken
-Brian
More information about the Ale
mailing list