Regenerate your .ssh/id_rsa key Debian users

Whoa, this security bug exposed by Luciano Bello (Ola!) is one of the worst I’ve ever seen.

Time to regenerate your key with the updated openssl 0.9.8c packages.

~~This seems to be Debian specific patch that caused this bug.~~

Further instructions should be posted on a special Debian key rollover page and the Debian wiki.

Update: key rollover is hard. `ssh-vulnkey` was missing for awhile and only recent updates to openssh-server seem to regenerate the keys for me.

RSS Atom

208.97.183.9

[...] Just read this and the security release. There is a checker provided in the security release note, but at any rate, your ssh key was probably generated incorrectly with respect to random time (mine were). Joy. [...]

Comment by Here we are now, entertain us » Ubuntu-everyone: Your ssh keys should be considered compromised — Tue May 13 15:22:33 2008

200.69.145.78

Hola

Comment by Luciano — Tue May 13 17:22:05 2008

76.237.205.25

If your SSH private key is old enough that it was generated before this bug was introduced, then it might be time to update it anyway.

Comment by Ken Bloom — Tue May 13 19:29:50 2008

64.210.52.98

Debian has posted a more complete instruction set for key regeneration..

http://wiki.debian.org/SSLkeys

this affects more than just SSH keys, quite along list actually.

Comment by farslayer — Wed May 14 13:25:12 2008

24.4.60.189

Well at least they didn’t leave their laptops unattended

Comment by Timon — Sat May 17 09:42:20 2008

67.205.13.33

[...] sure you’ve heard about Debian’s OpenSSL “Disaster”. The short of it is that while fixing a [...]

Comment by Roguelazer.com › Debian OpenSSL — Sun Jan 11 02:14:48 2009

Add a comment