OpenSSL vulnerability

[murchball]

I'm confused. I just did an apt-get update and apt-get upgrade but for some reason it's holding back openssh-client and openssh-server. Is this because they're still working on a patch for the patch?

[sunbird]

That one is a udeb --- those are used in the installer, you don't need them on a complete system.

Eek! Didn't know that. And I thought I was missing something important.

[jojo4u]

anyone know where to find the magic fix program:
ssh-vulnkey

as mentioned in the releases.

Code:

`--> wajig whichpkg ssh-vulnkey 
File Path                                                   Package          
===========================================================-=================
INSTALLED
/usr/bin/ssh-vulnkey                                        openssh-client   
/usr/share/man/man1/ssh-vulnkey.1.gz                        openssh-client 
  
`--> wajig status openssh-client
Package                 Installed       
=======================-===============
openssh-client      	1:4.7p1-8ubuntu1.1

[Kimos]

Okay here's how I did it for SSH. Not the most elegant way but it works.

...

I'm pretty sure there's an easier way. For SSH2:

Code:

sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
sudo ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

I'll give it a shot when I get home. I'm not entirely confident that I should try overwriting my SSH keys while using an SSH session.

[Monicker]

I'm confused. I just did an apt-get update and apt-get upgrade but for some reason it's holding back openssh-client and openssh-server. Is this because they're still working on a patch for the patch?

The update is not on all of the mirror repositories yet. You can get from the main repository though.

[whoop]

i ran "sudo ssh-vulnkey -a". It gave me no output at all. What does this mean?
Has anybody succesfully re-generated their keys yet using ssh-keygen? And what was the exact method used?

Cheers

[tubezninja]

I'm confused. I just did an apt-get update and apt-get upgrade but for some reason it's holding back openssh-client and openssh-server. Is this because they're still working on a patch for the patch?

Not sure why apt-get is doing that, but I solved the problem by logging in at the console and doing the following:

Code:

sudo apt-get purge openssh-client openssh-server
sudo apt-get install openssh-client openssh-server

It installed, along with ssh-vulnkey, and generated new keys.

[Valliant]

Just looking for a bit of clarity here.

After patching, I'm going to have to repurchase all my CA provided SSL certificates aren't I?

[randyrick]

https://lists.ubuntu.com/archives/ub...ay/000705.html

http://lists.debian.org/debian-secur.../msg00152.html

I went ahead & dist-upgraded and during the upgrade SSH keys were regenerated, nice.

Does this mean everything I generated an SSL certificate for should also be recreated???

[Dr Small]

Most likely. I would at least for added security.
I just got done recreating my SSH keys