-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2008-05-23 19:34, Ed Curtis wrote: > I have two deb machines I ssh to constantly on our lan. I had previously > set up ssh-keys on these machines to rsync files to one machine. This > morning I ran the ssh update the system update wanted me to run and > can't ssh to this machine without using a password. I've rerun the > keygen on the other machines and transfered them to the computer I log > into but still get prompted for the password. Any ideas? I figure it's > something to do with the update as it generated all new host keys, etc > after it was installed.
Have you really deleted *all* the vulnerable keys, ie. user keys and machine keys? (As root run "ssh-vulnkey -a" to check for vulnerable keys. ) Delete all vulnerable keys, ie. all that were generated or could possibly be created with the affected versions of openssh/openssl. Create new keys. Debian won't allow log in of users or machines with vulnerable keys. NB: Be careful, if you have to do this via ssh to a remote box. You might not be able to log into that box, if you commit a mistake. HTH, Johannes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFINw1SC1NzPRl9qEURApTnAJ40hDWixnuaRHBfii5Naa7qpq5/QACfVuMV r0GA+aiczyA5WvjpYI8HXB4= =Aprd -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
