Package: openssh-server Version: 1:4.3p2-9etch1 Severity: important
-- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-xen-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openssh-server depends on: ii add 3.102 Add and remove users and groups ii deb 1.5.11etch1 Debian configuration management sy ii dpk 1.13.25 package maintenance system for Deb ii lib 2.6.1-6 GNU C Library: Shared libraries ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library ii lib 1.4.4-7etch5 MIT Kerberos runtime libraries ii lib 0.79-5 Pluggable Authentication Modules f ii lib 0.79-5 Runtime support for the PAM librar ii lib 0.79-5 Pluggable Authentication Modules l ii lib 1.32-3 SELinux shared libraries ii lib 0.9.8g-1 SSL shared libraries ii lib 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii ope 0.1.1 list of blacklisted OpenSSH RSA an ii ope 1:4.3p2-9etch1 Secure shell client, an rlogin/rsh ii zli 1:1.2.3.3.dfsg-6 compression library - runtime openssh-server recommends no packages. -- debconf information: * ssh/vulnerable_host_keys: ssh/new_config: true * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: ssh/disable_cr_auth: false Subject: openssh-server: openssh does not start complaining about comprimised keys with new generated keys Package: openssh-server Version: 1:4.3p2-9etch1 Severity: important -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-xen-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openssh-server depends on: ii add 3.102 Add and remove users and groups ii deb 1.5.11etch1 Debian configuration management sy ii dpk 1.13.25 package maintenance system for Deb ii lib 2.6.1-6 GNU C Library: Shared libraries ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library ii lib 1.4.4-7etch5 MIT Kerberos runtime libraries ii lib 0.79-5 Pluggable Authentication Modules f ii lib 0.79-5 Runtime support for the PAM librar ii lib 0.79-5 Pluggable Authentication Modules l ii lib 1.32-3 SELinux shared libraries ii lib 0.9.8g-1 SSL shared libraries ii lib 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii ope 0.1.1 list of blacklisted OpenSSH RSA an ii ope 1:4.3p2-9etch1 Secure shell client, an rlogin/rsh ii zli 1:1.2.3.3.dfsg-6 compression library - runtime openssh-server recommends no packages. -- debconf information: * ssh/vulnerable_host_keys: ssh/new_config: true * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: ssh/disable_cr_auth: false Hi, I was updating my servers with the latest openssh patch. On one of the servers openssh refused to start again complaining about compromised keys in /etc/ssh/ssh_host_[r|d]sa_key But I did re-create these keys and check it agains the blacklists. Fingerprint of the new DSA key: 68:62:e5:a7:19:43:82:8e:f4:3f:32:d9:ec:8c:d4:bc which is NOT listed in the blacklist.DSA-1024 If I do a /etc/init.d/ssh restart ssh is complaining about COMPROMISED host key and refuses to start. Very annoying if you do not have direct access to the computer. Michael. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]