[lug] Debian/Ubuntu keys

Nate Duehr nate at natetech.com
Thu May 15 13:25:54 MDT 2008

John Hernandez wrote:
> I suspect it updated the host keys, which is good, but individual user 
> keys (if present in authorized_keys files) may still need to be 
> regenerated.
> It's also worth noting that this can affect non-Debian systems that 
> allow key-based SSH authentication, where the key material may have been 
> generated on a vulnerable machine.
> If you administer a server with many ssh-enabled accounts, you should 
> consider using the dowkd utility to check for weak keys in 
> authorized_keys files.
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
> http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
> -John

Debian released a new version of sshd that depends on the new SSL 
library previously released that also includes the ssh-vulnkey tool for 
checking your keys, and also regenerates your ssh keys automatically 
(you're prompted) if all of the dependencies are pulled in properly.

(note: "aptitude upgrade" will NOT pull in the dependencies under 
certain configurations -- interactive aptitude will)


More information about the LUG mailing list