SSH Keys and Debian

23/05/2008, 18h50

I have two deb machines I ssh to constantly on our lan. I had previously
set up ssh-keys on these machines to rsync files to one machine. This
morning I ran the ssh update the system update wanted me to run and
can't ssh to this machine without using a password. I've rerun the
keygen on the other machines and transfered them to the computer I log
into but still get prompted for the password. Any ideas? I figure it's
something to do with the update as it generated all new host keys, etc
after it was installed.

Thanks,

Ed

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

23/05/2008, 19h40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2008-05-23 19:34, Ed Curtis wrote:
> I have two deb machines I ssh to constantly on our lan. I had previously
> set up ssh-keys on these machines to rsync files to one machine. This
> morning I ran the ssh update the system update wanted me to run and
> can't ssh to this machine without using a password. I've rerun the
> keygen on the other machines and transfered them to the computer I log
> into but still get prompted for the password. Any ideas? I figure it's
> something to do with the update as it generated all new host keys, etc
> after it was installed.

Have you really deleted *all* the vulnerable keys, ie. user keys and
machine keys?

(As root run "ssh-vulnkey -a" to check for vulnerable keys. )

Delete all vulnerable keys, ie. all that were generated or could
possibly be created with the affected versions of openssh/openssl.

Create new keys.

Debian won't allow log in of users or machines with vulnerable keys.

NB: Be careful, if you have to do this via ssh to a remote box. You
might not be able to log into that box, if you commit a mistake.

HTH,

Johannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFINw1SC1NzPRl9qEURApTnAJ40hDWixnuaRHBfii5Naa 7qpq5/QACfVuMV
r0GA+aiczyA5WvjpYI8HXB4=
=Aprd
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

23/05/2008, 18h50	#1
Ed Curtis Messages: n/a Hébergeur:	SSH Keys and Debian I have two deb machines I ssh to constantly on our lan. I had previously set up ssh-keys on these machines to rsync files to one machine. This morning I ran the ssh update the system update wanted me to run and can't ssh to this machine without using a password. I've rerun the keygen on the other machines and transfered them to the computer I log into but still get prompted for the password. Any ideas? I figure it's something to do with the update as it generated all new host keys, etc after it was installed. Thanks, Ed -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

23/05/2008, 19h40	#2
Johannes Wiedersich Messages: n/a Hébergeur:	Re: SSH Keys and Debian -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2008-05-23 19:34, Ed Curtis wrote: > I have two deb machines I ssh to constantly on our lan. I had previously > set up ssh-keys on these machines to rsync files to one machine. This > morning I ran the ssh update the system update wanted me to run and > can't ssh to this machine without using a password. I've rerun the > keygen on the other machines and transfered them to the computer I log > into but still get prompted for the password. Any ideas? I figure it's > something to do with the update as it generated all new host keys, etc > after it was installed. Have you really deleted all the vulnerable keys, ie. user keys and machine keys? (As root run "ssh-vulnkey -a" to check for vulnerable keys. ) Delete all vulnerable keys, ie. all that were generated or could possibly be created with the affected versions of openssh/openssl. Create new keys. Debian won't allow log in of users or machines with vulnerable keys. NB: Be careful, if you have to do this via ssh to a remote box. You might not be able to log into that box, if you commit a mistake. HTH, Johannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFINw1SC1NzPRl9qEURApTnAJ40hDWixnuaRHBfii5Naa 7qpq5/QACfVuMV r0GA+aiczyA5WvjpYI8HXB4= =Aprd -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email