headers
Joshua J. Kugler | 14 May 21:22

Debian SSH security upgrade breaks SSH!

This is both a warning and a cry for help! :)

I installed the upgraded SSH packages and it regenerated the SSH keys. =20
Not a big problem, right? Wrong.  Even the newly generated keys are on=20
the blacklist, AND the server will not connect with keys that are on=20
the blacklist, so no new connections can be created.  So, existing=20
connections are OK, but don't logout, or you'll never get back in.

Anyone have a fix yet?

j

=2D-=20
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ =A0ID 0xDB26D7CE
Permalink | Reply |
headers
Joshua J. Kugler | 14 May 21:51

FIXED. Re: Debian SSH security upgrade breaks SSH!

Problem fixed. It wasn't my fault (directly) but it wasn't a debian=20
problem either.

=46or those who care: after the server was set up (before it was under my=20
control), it was, for a while, pulling from testing repository, and=20
along the way got a version of openssl installed that appeared to be=20
newer then the version in stable, but of course still had the=20
vulnerability.  So, since it was now pulling from stable, the package=20
didn't get upgraded.  Pulling and installing openssl, libssl0.9.8 and=20
libssl-dev manually fixed the problem.

j

=2D-=20
Joshua Kugler
Part-Time System Admin/Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/ =A0ID 0xDB26D7CE
Permalink | Reply |

Gmane