Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat <bernat@debian.org> wrote:
> OoO En cette soirée bien amorcée du mardi 13 mai 2008, vers 22:21, "John
> Keimel" <john@keimel.com> disait:
>
>
> >> Since some keys are generated automatically, (e.g. ssh host keys) users will
> >> have to regenerate keys,they haven't generated in the first place and might
> >> not be aware of their existens.
> >> That's bad.
> >>
>
>
> > The only instructions I've seen for regenerating host keys include
> > shutting down the sshd server. This is impossible in some servers I
> > have, so is there another way?
>
> Restarting OpenSSH do not close existing connections.
Yes, that's correct. I agree.
But the instructions I saw were for 'shutting down the SSHD server' -
not just 'restarting it'.
That's why I asked. I think Ian's suggestion will work just fine for
me though, so I'll give that a go.
Thanks folks.
Reply to: