Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Hello,
On Tuesday, 13 May 2008, John Keimel wrote:
> On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat <bernat@debian.org> wrote:
> > OoO On this well-begun evening of Tuesday, 13 May 2008, around 22:21, "John Keimel" <john@keimel.com> said:
> > >> Since some keys are generated automatically, (e.g. ssh host keys)
> > >> users will have to regenerate keys, they haven't generated in the
> > >> first place and might not be aware of their existence.
> > >> That's bad.
> > >
> > > The only instructions I've seen for regenerating host keys include
> > > shutting down the sshd server. This is impossible in some servers I
> > > have, so is there another way?
> >
> > Restarting OpenSSH does not close existing connections.
>
> Yes, that's correct. I agree.
>
> But the instructions I saw were for 'shutting down the SSHD server' -
> not just 'restarting it'.
>
> That's why I asked. I think Ian's suggestion will work just fine for
> me though, so I'll give that a go.
rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart
-> job done.
Keep smiling
yanosz