Updating RSA keys and known_hosts (in the wake of the recent Debian vulnerability)
I first heard of this from Gustavo, and later read more about it on Computerworld. Apparently, all SSL and SSH keys generated between September 17th 2006 and May 13th 2008 are, due to a bug discovered on May 13, vulnerable to brute force attacks.
My server, which I call "libernode" but which is actually the main server of Libervis Network (and soon to host both Libervis.com and Nuxified.org), runs Debian, and the latest update fixed the hole and forced regeneration of all keys (at least I think so, but I'll have to check again with the supplied ssh-vulnkey). Luckily we only have a few SSH users, most of whom are Nuxified members.
I wanted to send an email notification about this, just in case anyone wants to connect but couldn't (being faced with the "remote host identification has changed" warning). However, I'm not sure what to recommend as a way to update the .ssh/known_hosts file. I personally don't mind just deleting it and then answering "yes" again to the SSH prompts, but there might be a better way to recommend to others. I looked around a bit but couldn't find it; they usually just say to update it.
And manually editing the file is scary: it only contains long strings of numbers and letters, so it's not easy to know which key is for which server.
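As an added example that is not part of the original post, here is a small POSIX shell script that does what the post is asking about: it lists the contents of a known_hosts file in a readable form (which host names go with which key type, line by line) and removes only the entries for one named host, keeping a backup, so the next connection prompts for the server's regenerated key instead of failing with the "remote host identification has changed" warning. The host names, IP address and key blobs in the sample file are constructed placeholders, not real keys. OpenSSH's own `ssh-keygen -R hostname` does the same removal (and also writes a known_hosts.old backup), and `ssh-keygen -F hostname` looks a host up; this script exists to show what those commands are doing to the file.

```shell
#!/bin/sh
# Added example (not from the original post): inspect ~/.ssh/known_hosts and
# drop the stale entries for one host before reconnecting to a server whose
# SSH host key was regenerated. Nothing here is OpenSSH's own code.

# Constructed sample known_hosts file. The key blobs are placeholders, not
# real keys; the last line is the hashed form written when HashKnownHosts is on.
write_sample_known_hosts() {
    cat > "$1" <<'EOF'
# sample known_hosts (constructed for this example)
libernode.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAplaceholderKeyOne==
[git.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAplaceholderKeyTwo==
other.example.net ssh-dss AAAAB3NzaC1kc3MAAACBAplaceholderKeyThree==
|1|c29tZXNhbHQ=|c29tZWhhc2g= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAplaceholderKeyFour==
EOF
}

# One awk program, driven by "mode": list entries, count entries for a host,
# or drop the entries for a host. A line's first field is a comma-separated
# list of host names/addresses (or "[host]:port"); an optional "@marker"
# (@cert-authority, @revoked) can precede it; "|1|salt|hash" is a hashed
# host that cannot be matched by name (use ssh-keygen -F / -R for those).
KH_AWK='
function matches(field, h,    n, i, hs) {
    if (substr(field, 1, 3) == "|1|") return 0
    n = split(field, hs, ",")
    for (i = 1; i <= n; i++)
        if (hs[i] == h || index(hs[i], "[" h "]:") == 1) return 1
    return 0
}
/^#/ || /^[ \t]*$/ { if (mode == "drop") print; next }
{
    f = $1; t = $2
    if (substr(f, 1, 1) == "@") { f = $2; t = $3 }
    m = matches(f, host)
    if (mode == "drop" && !m) print
    if (mode == "count") c += m
    if (mode == "list") printf "line %d: %s  %s%s\n", NR, f, t,
        (substr(f, 1, 3) == "|1|" ? "  [hashed: look up with ssh-keygen -F]" : "")
}
END { if (mode == "count") print c + 0 }
'

# list_known_hosts FILE: print which hosts and key types each line holds.
list_known_hosts() {
    awk -v mode=list "$KH_AWK" "$1"
}

# host_entry_count HOST FILE: number of plaintext lines naming HOST.
host_entry_count() {
    awk -v mode=count -v host="$1" "$KH_AWK" "$2"
}

# remove_known_host HOST FILE: drop every plaintext line naming HOST,
# keeping a copy of the previous file as FILE.old (same as ssh-keygen -R).
remove_known_host() {
    kh_tmp="$2.tmp.$$"
    awk -v mode=drop -v host="$1" "$KH_AWK" "$2" > "$kh_tmp" || { rm -f "$kh_tmp"; return 1; }
    cp -p "$2" "$2.old" && mv "$kh_tmp" "$2"
}

# Run with "demo" as the first argument to see it against the sample file.
if [ "${1:-}" = "demo" ]; then
    kh=$(mktemp)
    write_sample_known_hosts "$kh"
    echo "before:"; list_known_hosts "$kh"
    remove_known_host libernode.example.org "$kh"
    echo "after removing libernode.example.org:"; list_known_hosts "$kh"
    rm -f "$kh" "$kh.old"
fi
```

Removing the entry only clears the way for the next prompt; the check that matters is on the prompt itself. Before answering "yes", compare the fingerprint ssh shows with one obtained from the server over a channel you already trust (for example `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` run on the server's console), since a blind "yes" would accept an impostor just as readily as the regenerated key. Entries written in hashed form carry no readable host name, which is why the listing marks them and leaves them to `ssh-keygen -F` and `ssh-keygen -R`. On the server side, `ssh-vulnkey` is the Debian-supplied tool for confirming that no key from the affected generator is still in use.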