memo.xight.org

Daily memos

ssh-vulnkey - check blacklist of compromised keys

Summary

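When I tried to connect to a remote host with ssh, the following message was displayed.
It appears that the random-number part of openssl's key generation was vulnerable.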

Public key XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX blacklisted (see ssh-vulnkey(1)); refusing to send it


Ran ssh-vulnkey.

% ssh-vulnkey
/path/to/homedir/.ssh/id_rsa:1: COMPROMISED: RSA 2048 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX /path/to/homedir/.ssh/id_rsa.pub
#
# Some keys on your system have been compromised!
# You must replace them using ssh-keygen(1).
#
# See the ssh-vulnkey(1) manual page for further advice.

Replaced the key with ssh-keygen.
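The check-then-replace procedure above, as an added example that is not part of the original memo: a shell filter that reads an ssh-vulnkey report and says, per flagged file, whether to regenerate a key or delete an authorized_keys entry. The function names are hypothetical, and the sample report is constructed (its first entry and "#" lines follow the output shown above; the other two entries, including the "Not blacklisted" status, are assumptions).

```shell
#!/bin/sh
# Added example: turn an ssh-vulnkey report into a per-file remediation list.
# Report line format, as in the memo:
#   <file>:<line>: <STATUS>: <type> <bits> <fingerprint> <comment>
TAB=$(printf '\t')

# stdin: ssh-vulnkey output. stdout: "<file>TAB<line>TAB<type> <bits>" for each
# COMPROMISED entry; "#" advice lines and every other status are skipped.
compromised_keys() {
    while IFS= read -r entry; do
        case $entry in
            \#*) continue ;;
            *": COMPROMISED: "*) ;;
            *) continue ;;
        esac
        loc=${entry%%: COMPROMISED: *}   # "<file>:<line>"
        rest=${entry#*: COMPROMISED: }   # "<type> <bits> <fingerprint> ..."
        bits=${rest#* }
        printf '%s\t%s\t%s %s\n' "${loc%:*}" "${loc##*:}" "${rest%% *}" "${bits%% *}"
    done
}

# An authorized_keys entry has to be deleted (it lets the weak key log in);
# any other flagged file is a key of our own that needs regenerating.
remediation_plan() {
    compromised_keys | while IFS=$TAB read -r file line kind; do
        case ${file##*/} in
            authorized_keys*) echo "delete line $line of $file ($kind)" ;;
            *) echo "regenerate $file with ssh-keygen ($kind)" ;;
        esac
    done
}

# Constructed sample report: first line and "#" lines follow the memo's output,
# the other two entries are made up for illustration.
sample_report() {
    cat <<'EOF'
/path/to/homedir/.ssh/id_rsa:1: COMPROMISED: RSA 2048 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX /path/to/homedir/.ssh/id_rsa.pub
/path/to/homedir/.ssh/authorized_keys:1: Not blacklisted: RSA 2048 YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY user@hostA
/path/to/homedir/.ssh/authorized_keys:3: COMPROMISED: DSA 1024 ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ user@hostB
#
# Some keys on your system have been compromised!
EOF
}

sample_report | remediation_plan
```

On a real system, pipe `ssh-vulnkey` (or `ssh-vulnkey -a` as root, to cover every user) into `remediation_plan` instead of the sample. Generating a new key pair is only half the fix: the old public key also has to be removed from authorized_keys on every server that still lists it.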