Regenerate your .ssh/id_rsa key Debian users

Whoa, this security bug exposed by Luciano Bello (Ola!) is one of the worst I’ve ever seen.

Time to regenerate your key with the updated openssl 0.9.8c packages.

This seems to be Debian specific patch that caused this bug.

Further instructions should be posted on a special Debian key rollover page and the Debian wiki.

Update: key rollover is hard. :/ `ssh-vulnkey` was missing for awhile and only recent updates to openssh-server seem to regenerate the keys for me.

Advertisement

If you like this, you might like the stateless Web kiosk software I develop. Webconverger typically replaces Windows on PCs and is deployed in public and business environments for ease of deployment and privacy. Once installed it auto-updates making it painless to maintain. Try it where you exclusively use the only viable open platform... the Web!