05-14-2008, 07:45 PM
dbclinton

clients locked out was OpenSSL vulnerability

On Wed, 2008-05-14 at 12:17 -0700, john wrote:
> I ran the ssl upgrade provided via package manager on my dev-box
> running Hardy and rebooted and found my thin clients locked out.
> Bummer. Glad I didn't apply this against a production box.

There should be a file dealing with this problem on your system at
/usr/share/doc/openssh-server/README.compromised-keys.gz

I have the same problem and I'm working on it now.


--
edubuntu-users mailing list
edubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
 
05-14-2008, 07:49 PM
Thierry Munoz

clients locked out was OpenSSL vulnerability

Hi,

I'm in the same situation.

What do I have to do so that my thin clients can connect to my server
after the upgrade of openssh?

Thanks,



Thierry



john wrote:

> On Tue, May 13, 2008 at 9:12 PM, Richard Doyle
> <rdoyle@islandnetworks.com> wrote:
>
>> There is a potentially serious vulnerability in OpenSSL which affects
>> Edubuntu and other Debian-based distributions:
>> http://www.ubuntu.com/usn/usn-612-1
>>
>> Fixes are described in http://wiki.debian.org/SSLkeys . Since SSH is a
>> vital part of Edubuntu, and is affected by the vulnerability, every
>> affected system should be fixed ASAP. As I understand it, the fix for
>> version 7.04 is to run the following commands:
>>
>> sudo rm /etc/ssh/ssh_host_*
>> sudo dpkg-reconfigure openssh-server
>> sudo ltsp-update-sshkeys
>
> I ran the ssl upgrade provided via package manager on my dev-box
> running Hardy and rebooted and found my thin clients locked out.
> Bummer. Glad I didn't apply this against a production box.
>
> Next I ran the commands Richard mentioned, but no joy there either. I
> can log on to the box via the console but thin clients are locked out.
>
> Anyone got a fix? Do I need to chroot to /opt/ltsp/ and rebuild the image??
>
> Can we get an edubuntu specific fix figured out and posted to the wiki asap?
>
> John
 
05-14-2008, 08:13 PM
Oliver Grawert

clients locked out was OpenSSL vulnerability

hi,
On Wednesday, 14.05.2008, at 12:17 -0700, john wrote:

> I ran the ssl upgrade provided via package manager on my dev-box
> running Hardy and rebooted and found my thin clients locked out.
> Bummer. Glad I didn't apply this against a production box.

to populate the client filesystem with new ssh keys use:

sudo ltsp-update-sshkeys

and then re-roll the image with:

sudo ltsp-update-image

the new keys will be used after the next reboot of your clients.

ciao
oli
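An added example, not part of the thread or of any poster's message: a shell check for the two conditions the steps above establish, namely that the client chroot's known_hosts holds the server's current host keys and that the client image was rebuilt afterwards. The function names and the default paths (`/opt/ltsp/i386/etc/ssh/ssh_known_hosts`, `/opt/ltsp/images/i386.img`) are assumptions; the sample keys are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths are assumptions for
# an i386 LTSP chroot; pass your own as arguments.

# check_ltsp_hostkeys [SERVER_SSH_DIR] [CHROOT_KNOWN_HOSTS] [CLIENT_IMAGE]
# Returns 0 if clients will trust the server, 1 if the chroot lacks a
# current host key (run ltsp-update-sshkeys), 2 on unreadable input,
# 3 if the image predates the chroot's keys (run ltsp-update-image).
check_ltsp_hostkeys() {
    ssh_dir=${1:-/etc/ssh}
    known=${2:-/opt/ltsp/i386/etc/ssh/ssh_known_hosts}
    image=${3:-/opt/ltsp/images/i386.img}
    [ -r "$known" ] || { echo "cannot read $known" >&2; return 2; }
    found=0
    for pub in "$ssh_dir"/ssh_host_*_key.pub; do
        [ -r "$pub" ] || continue
        found=1
        # A .pub file is "<type> <base64 blob> [comment]".
        read -r ktype blob _ < "$pub" || true
        # known_hosts lines are "<hosts> <type> <blob>": match type and blob.
        if ! awk -v t="$ktype" -v b="$blob" \
            '$2 == t && $3 == b { ok = 1 } END { exit !ok }' "$known"
        then
            echo "STALE KEY: $ktype missing from $known"
            return 1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no host keys in $ssh_dir" >&2; return 2; }
    # The chroot is only a staging area; clients boot the packed image.
    if [ ! -e "$image" ] || [ "$known" -nt "$image" ]; then
        echo "STALE IMAGE: $image is missing or older than $known"
        return 3
    fi
    echo "OK: image was built after the current host keys were installed"
}

# Constructed sample data: keys regenerated and copied into the chroot,
# but the image (dated earlier) was never rebuilt.
demo_stale_image() {
    d=$(mktemp -d) || return 2
    echo "ssh-rsa AAAAconstructedNEWkey root@server" > "$d/ssh_host_rsa_key.pub"
    echo "server,192.0.2.10 ssh-rsa AAAAconstructedNEWkey" > "$d/known_hosts"
    touch -t 200805130000 "$d/i386.img"
    touch -t 200805140000 "$d/known_hosts"
    check_ltsp_hostkeys "$d" "$d/known_hosts" "$d/i386.img" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Return code 3 corresponds to having run `ltsp-update-sshkeys` without `ltsp-update-image`.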
 
05-14-2008, 08:39 PM
Thierry Munoz

clients locked out was OpenSSL vulnerability

Thank you for your response.

I used "sudo ltsp-update-sshkeys" but not "sudo ltsp-update-image".
I'll try tomorrow.

Regards,



Thierry



Oliver Grawert wrote:

> hi,
> On Wednesday, 14.05.2008, at 12:17 -0700, john wrote:
>
>> I ran the ssl upgrade provided via package manager on my dev-box
>> running Hardy and rebooted and found my thin clients locked out.
>> Bummer. Glad I didn't apply this against a production box.
>
> to populate the client filesystem with new ssh keys use:
>
> sudo ltsp-update-sshkeys
>
> and then re-roll the image with:
>
> sudo ltsp-update-image
>
> the new keys will be used after the next reboot of your clients.
>
> ciao
> oli
 
05-14-2008, 09:21 PM
john

clients locked out was OpenSSL vulnerability

On Wed, May 14, 2008 at 1:13 PM, Oliver Grawert <ogra@ubuntu.com> wrote:
> hi,
> On Wednesday, 14.05.2008, at 12:17 -0700, john wrote:
>
>> I ran the ssl upgrade provided via package manager on my dev-box
>> running Hardy and rebooted and found my thin clients locked out.
>> Bummer. Glad I didn't apply this against a production box.
> to populate the client filesystem with new ssh keys use:
>
> sudo ltsp-update-sshkeys
>
> and then re-roll the image with:
>
> sudo ltsp-update-image
>
> the new keys will be used after the next reboot of your clients.
>
> ciao
> oli

Thanks Oli,

Since this appears to be a non-obvious solution for more folks than
just me, would it be possible for you to place this on the wiki?

I appreciate the help.

John
