When upgrading one of the Debian stable servers I administer with the latest security fixes to remedy this bug in the ssl random number generator, I couldn’t get the newly generated server keys validated.
Amazing, I cannot believe this: having only stable package sources (with security), I upgraded all packages, but the newly generated server keys were always reported as compromised. Can it really be true that the openssl version in stable, 0.9.8c-4etch3, is not good enough to remedy the problem? I find this hard to believe.
In the end, I had to install the openssh-server package from the testing repository, after:
    # rm /etc/ssh/ssh_host_*
    # dpkg-reconfigure openssh-server
ssh-vuln was finally happy. Dead odd. I assume I’ve missed something, but cannot really tell what it could be.