Regenerated ssh server keys for

Mark Wielaard mark at
Wed May 14 03:00:43 PDT 2008

Hi all (CCing main classpath mailinglist to get to widest exposure),

On Tue, 2008-05-13 at 19:41 +0200, Mark Wielaard wrote:
> Unfortunately was using weak ssh server keys
> because of the recently discovered Debian openssl flaw:
> The server keys have been regenerated. This will affect you if you have
> mercurial push access.
> The new RSA fingerprint is:
> 5e:ab:dd:91:f6:e4:fa:20:fa:42:cd:c3:66:29:87:09
> The new DSA fingerprint is:
> af:f7:76:fd:dc:f9:14:15:9c:5e:bb:0a:a5:69:d6:18
> I am investigating whether more steps need to be taken. Please contact
> me if you suspect having compromised keys.

New openssh server packages have been installed on all
machines (developer/planet, builder and icedtea). This server will
refuse connections from weak keys (blacklisted).

For more information on how to check whether you might have weak keys
and how to correct that situation see the attached security
announcement. If you should have access to any of these machines (or ssh
mercurial push access to icedtea and friends) and have trouble
connecting now please contact me.

Good luck out there!

-------------- next part --------------
An embedded message was scrubbed...
From: Florian Weimer <fw at>
Subject: [SECURITY] [DSA 1576-1] New openssh packages fix predictable
Date: Wed, 14 May 2008 11:24:56 +0200
Size: 18539

More information about the distro-pkg-dev mailing list