clients locked out was Re: OpenSSL vulnerability
john
lists.john at gmail.com
Wed May 14 20:17:31 BST 2008
On Tue, May 13, 2008 at 9:12 PM, Richard Doyle
<rdoyle at islandnetworks.com> wrote:
> There is a potentially serious vulnerability in OpenSSL which affects
> Edubuntu and other Debian-based distributions:
> http://www.ubuntu.com/usn/usn-612-1
>
> Fixes are described in http://wiki.debian.org/SSLkeys . Since SSH is a
> vital part of Edubuntu, and is affected by the vulnerability, every
> affected system should be fixed ASAP. As I understand it, the fix for
> version version 7.04 is to run the following commands:
>
> sudo rm /etc/ssh/ssh_host_*
> sudo dpkg-reconfigure openssh-server
> sudo ltsp-update-sshkeys
>
>
I ran the ssl upgrade provided via package manager on my dev-box
running Hardy and rebooted and found my thin clients locked out.
Bummer. Glad I didn't apply this against a production box.
Next I ran the commands Richard mentioned, but no joy there either. I
can log on to the box via the console but thin clients are locked out.
Anyone got a fix? Do I need to chroot to /opt/ltsp/ and rebuild the image??
Can we get an edubuntu specific fix figured out and posted to the wiki asap?
John
>
>
>
>
> --
> edubuntu-users mailing list
> edubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
>
More information about the edubuntu-users
mailing list