[PLUG] openssh-server upgrade/problem resolved

Bruce KIlpatrick bakilpatrick at verizon.net
Wed May 14 16:32:24 UTC 2008


Matt McKenzie wrote:
> Did you hear about the SSH vulnerability that was patched in Debian and all
> it's derivatives (including Ubuntu)?
> Debian:
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> Ubuntu
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
>
> Note this was a Debian (and derivative) specific issue, with the packages
> (random number generator wasn't really random, getting "dirty" data), not an
> issue with OpenSSH or OpenSSL itself.
>
> This is most likely the reason.
> Not sure about the templates issue you saw but it could be there was
> something related that was also fixed...
>
> As a side note you may want to regenerate your SSH keys on your Ubuntu box,
> if you log into it remotely (probably even if you don't).
>
> On Tue, May 13, 2008 at 11:35 PM, Bruce KIlpatrick <bakilpatrick at verizon.net>
> wrote:
>
>   
>> Bruce KIlpatrick wrote:
>>     
>>> This morning my HP laptop running Ubuntu 7.10 AMD64 upgraded several
>>> things relating to ssh.  All seemed to go well until the end.  It seems
>>> openssh-server has some issues.
>>>
>>> Here is what I tried and the results:
>>>
>>> :~# aptitude -f install openssh-server
>>> Reading package lists... Done
>>> Building dependency tree
>>> Reading state information... Done
>>> Reading extended state information
>>> Initializing package states... Done
>>> Building tag database... Done
>>> The following NEW packages will be installed:
>>>   openssh-server
>>> The following partially installed packages will be configured:
>>>   ssh
>>> 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
>>> Need to get 0B/269kB of archives. After unpacking 705kB will be used.
>>> Writing extended state information... Done
>>> Preconfiguring packages ...
>>> openssh-server template parse error: Template #4 in
>>> /tmp/openssh-server.template.79820 has a duplicate field "template" with
>>> new value "ssh/vulnerable_host_keys". Probably two templates are not
>>> properly separated by a lone newline.
>>>
>>> (Reading database ... 118664 files and directories currently installed.)
>>> Unpacking openssh-server (from
>>> .../openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb) ...
>>> Template #4 in /var/lib/dpkg/tmp.ci/templates has a duplicate field
>>> "template" with new value "ssh/vulnerable_host_keys". Probably two
>>> templates are not properly separated by a lone newline.
>>> dpkg: error processing
>>> /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb
>>> (--unpack):
>>>  subprocess pre-installation script returned error exit status 255
>>> Errors were encountered while processing:
>>>  /var/cache/apt/archives/openssh-server_1%3a4.6p1-5ubuntu0.3_amd64.deb
>>> E: Sub-process /usr/bin/dpkg returned an error code (1)
>>> A package failed to install.  Trying to recover:
>>> dpkg: dependency problems prevent configuration of ssh:
>>>  ssh depends on openssh-server; however:
>>>   Package openssh-server is not installed.
>>> dpkg: error processing ssh (--configure):
>>>  dependency problems - leaving unconfigured
>>> Errors were encountered while processing:
>>>  ssh
>>> Reading package lists... Done
>>> Building dependency tree
>>> Reading state information... Done
>>> Reading extended state information
>>> Initializing package states... Done
>>> Building tag database... Done
>>>
>>> I have tried to look into the directories mentioned, but can't find them
>>> (I have the "show hidden files" checked.
>>>
>>>
>>> I have Googled without finding any references to the problem.  Any
>>> suggestions as to the fix?
>>>
>>> Thank you,
>>>
>>> Bruce
>>> _______________________________________________
>>> PLUG mailing list
>>> PLUG at lists.pdxlinux.org
>>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>>
>>>
>>>       
>> Well, it seems I figured out the solution on my own.  I tried using dpkg
>> in what I thought were unsuccessful attempts to resolve the dependency
>> issues.  Either something I did worked or something changed in the
>> repository and apt-get update/upgrade solved the problem.
>>
>> Bruce
>> _______________________________________________
>> PLUG mailing list
>> PLUG at lists.pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>>     
>
>
>
>   
Thanks for the pointer.  I received another update this morning that 
(according to what I Googled) regenerated the appropriate keys (replaced 
a certificate).  I went ahead and followed the instructions to 
regenerate them again, just for giggles.  I am not using remote login at 
this time, but will be again in the near future.

Bruce



More information about the PLUG mailing list