Bug#481446: closed by Colin Watson <[EMAIL PROTECTED]> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
Ugh - sorry for the extra post - but I found bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481519 and had the same problem - somewhere I managed to get a testing version of libssl0.9.8 - a downgrade fixed my problem.
Bug#481446: closed by Colin Watson <[EMAIL PROTECTED]> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
"I don't know how you managed it (given that openssh-server depends on a good enough version; perhaps you have it on hold or something?), but that version of libssl0.9.8 is absolutely vulnerable. You need to upgrade to 0.9.8g-9 or newer."

I'm having the same problem on 64bit etch - apt-get dist-upgrade shows no updates, but the host keys generated are still listed as compromised.

apt-cache showpkg openssh-server
Versions: 1:4.3p2-9etch2 1:4.3p2-9
apt-cache showpkg openssl:
Versions: 0.9.8c-4etch3 0.9.8c-4etch1
dpkg -l libssl0.9.8:
Version 0.9.8g-4
sshd: OpenSSH_4.3p2 Debian-9etch2, OpenSSL 0.9.8g
kernel: 2.6.18-5-amd64
Bug#481446: closed by Colin Watson <[EMAIL PROTECTED]> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
On Fri, May 16, 2008 at 11:57:16AM +0200, Michael Schwartzkopff wrote:
> thanks for the explanation. I understood that my system still creates
> compromised keys. I did a full apt-get update and apt-get upgrade. After
> that I installed ssh with
> apt-get install openssh-server openssh-client
>
> When I create a new host key with
> ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
>
> this key is also compromised. I checked it. So why is that, although I have:
> xen00:~# dpkg -l libssl0.9.8
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
> |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
> ||/ Name          Version   Description
> +++-==-==-
> ii  libssl0.9.8   0.9.8g-1  SSL shared libraries

I don't know how you managed it (given that openssh-server depends on a good enough version; perhaps you have it on hold or something?), but that version of libssl0.9.8 is absolutely vulnerable. You need to upgrade to 0.9.8g-9 or newer.

Cheers,

--
Colin Watson [EMAIL PROTECTED]
Bug#481446: closed by Colin Watson <[EMAIL PROTECTED]> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
On Friday, 16 May 2008 11:42, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the openssh-server package:
>
> #481446: openssh-server: openssh does not start complaining about
> comprimised keys with new generated keys
>
> It has been closed by Colin Watson <[EMAIL PROTECTED]>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Colin Watson
> <[EMAIL PROTECTED]> by replying to this email.

Hi,

thanks for the explanation. I understood that my system still creates compromised keys. I did a full apt-get update and apt-get upgrade. After that I installed ssh with
apt-get install openssh-server openssh-client

When I create a new host key with
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

this key is also compromised. I checked it. So why is that, although I have:
xen00:~# dpkg -l libssl0.9.8
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name          Version   Description
+++-==-==-
ii  libssl0.9.8   0.9.8g-1  SSL shared libraries

Perhaps this machine being a xen host is the problem?

Sincerely Yours,

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: [EMAIL PROTECTED]
web: www.multinet.de
Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42