[Gutsy] ssh installation results in COMPROMISED keys
This bug report was converted into a question: question #33172: [Gutsy] ssh installation results in COMPROMISED keys.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Invalid | Undecided | Kees Cook | |
Bug Description
Following today's updates http://
$ sudo ssh-vulnkey -a
and notice that my rsa and dsa keys were "Compromised". So I completely uninstalled and purged all ssh packages (ssh, openssh-server etc), deleted the ~/.ssh and /etc/ssh folders. Rebooted & made sure that I had no further ssh packages on the system.
I then installed ssh. The result (shown in the attached file) is yet again compromised keys and the initial warning during install:
====
Vulnerable host keys will be regenerated
Some of the OpenSSH server host keys on this system were generated with
a version of OpenSSL that had a broken random number generator. As a
result, these host keys are from a well-known set, are subject to
brute-force attacks, and must be regenerated.
Users of this system should be informed of this change, as they will be
prompted about the host key change the next time they log in. Use
'ssh-keygen -l -f HOST_KEY_FILE' after the upgrade has changed to print
the fingerprints of the new host keys.
The affected host keys are:
/etc/ssh/
User keys may also be affected by this problem. The 'ssh-vulnkey'
command may be used as a partial test for this. See
/usr/
details.
====
~$ sudo ssh-vulnkey -a
COMPROMISED: 2048 87:99:30:
COMPROMISED: 1024 2c:66:57:
This is a clean reinstall using the standard http://
Note: update to my Hardy systems went well - I had to reinstall NX, but I need to update anyway. It is only on the Gutsy system that I encounter this problem.
/etc/ssh/
Installed the following packages:
openssh-blacklist (0.1-1ubuntu0.
openssh-client (1:4.6p1-
openssh-server (1:4.6p1-
Is it possible you did not install the updated openssl package before installing ssh? This could cause ssh to regenerate bad keys.
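An added example, not part of the original report and not ssh-vulnkey's own code: a blacklist-style check of the kind the installer message calls a partial test. It derives the bit length and the colon-separated MD5 fingerprint (the two values shown on the `COMPROMISED:` lines) from OpenSSH public key lines and compares them to a set of known-bad fingerprints. All function names, the sample keys and the blacklist contents are constructed for illustration.

```python
import base64
import hashlib
SIZE_FIELD = {"ssh-rsa": 2, "ssh-dss": 1}  # blob field holding RSA n / DSA p

def read_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def describe_key(pub_line):
    """Return (bits, md5_fingerprint) for one 'type base64 [comment]' line."""
    key_type, b64 = pub_line.split()[:2]
    if key_type not in SIZE_FIELD:
        raise ValueError("unsupported key type: " + key_type)
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    if fields[0] != key_type.encode():
        raise ValueError("type label does not match key blob")
    bits = int.from_bytes(fields[SIZE_FIELD[key_type]], "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()  # MD5 only as the legacy fingerprint format
    return bits, ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit(pub_lines, blacklist):
    """Return (status, bits, fingerprint) per key; 'not listed' does not prove a key good."""
    report = []
    for line in map(str.strip, pub_lines):
        if line and not line.startswith("#"):
            bits, fp = describe_key(line)
            report.append(("COMPROMISED" if fp in blacklist else "not listed", bits, fp))
    return report

def make_sample_line(modulus):
    """Constructed ssh-rsa line from an arbitrary integer: test data, not a usable key."""
    def field(raw):
        return len(raw).to_bytes(4, "big") + raw
    def mpint(n):  # the extra byte keeps a set top bit from reading as negative
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

def demo():  # two constructed keys, constructed one-entry blacklist
    weak, other = make_sample_line((1 << 2047) | 1), make_sample_line((1 << 1023) | 1)
    return audit([weak, other], {describe_key(weak)[1]})
```

Because the check is a lookup, a key regenerated while the broken library is still installed is flagged again, and a key absent from the list is only "not listed", not verified.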