Regenerated ssh server keys for icedtea.classpath.org
Mark Wielaard
mark at klomp.org
Wed May 14 03:00:43 PDT 2008
Hi all (CCing main classpath mailinglist to get to widest exposure),
On Tue, 2008-05-13 at 19:41 +0200, Mark Wielaard wrote:
> Unfortunately icedtea.classpath.org was using weak ssh server keys
> because of the recently discovered Debian openssl flaw:
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> The server keys have been regenerated. This will affect you if you have
> mercurial push access.
>
> The new RSA fingerprint is:
> 5e:ab:dd:91:f6:e4:fa:20:fa:42:cd:c3:66:29:87:09
> The new DSA fingerprint is:
> af:f7:76:fd:dc:f9:14:15:9c:5e:bb:0a:a5:69:d6:18
>
> I am investigating whether more steps need to be taken. Please contact
> me if you suspect having compromised keys.
New openssh server packages have been installed on all classpath.org
machines (developer/planet, builder and icedtea). This server will
refuse connections from weak keys (blacklisted).
For more information on how to check whether you might have weak keys
and how to correct that situation see the attached security
announcement. If you should have access to any of these machines (or ssh
mercurial push access to icedtea and friends) and have trouble
connecting now please contact me.
Good luck out there!
Mark
-------------- next part --------------
An embedded message was scrubbed...
From: Florian Weimer <fw at deneb.enyo.de>
Subject: [SECURITY] [DSA 1576-1] New openssh packages fix predictable
randomness
Date: Wed, 14 May 2008 11:24:56 +0200
Size: 18539
Url: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20080514/68762b06/attachment.nws
More information about the distro-pkg-dev
mailing list