FAIL: COMPROMISED SSH Public Key on Ubuntu
Last night I was setting up a new application on my server and while I was configuring capistrano I came across this strange problem and didn’t immediately find much help on google, so I thought I would post this to help someone else along.
I had already setup my ssh keys months ago but when I tried to ssh into my subversion repository it would ask me for a password/passphrase and it just about drove me crazy.
I came across this article in google and checked off each potential problem and nothing. Then I saw that my key was conprimized when I ran the “ssh-vulnkey -a” command.
capistrano@allison:~/.ssh$ ssh-vulnkey -a Unknown (no blacklist information): 2048 5a:b4:d6:94:10:14:e1:a0:35:35:ff:c6:08:e6:9f:10 Not blacklisted: 2048 5f:43:c2:f0:fb:e6:52:c4:90:59:fb:d2:e0:fe:66:d0 Unknown (no blacklist information): 2048 ab:5e:39:5c:33:f0:02:e3:cf:cd:99:84:ca:9e:f8:e1 Paul@paul-hepworths-computer.local COMPROMISED: 2048 81:85:1d:a7:b1:c6:ff:b2:d5:3f:60:3e:2e:c0:25:5c capistrano@mislice COMPROMISED: 1024 fa:87:13:5f:0c:01:3e:53:b9:a1:ff:4a:8a:29:b2:a1 capistrano@mislice
So I searched google some more to find out how to fix the problem. I regenerated keys multiple times on my client server and no-dice.
Then after searching and searching I found this tutorial and followed it to update openssl and openssh and regenerate my private keys .
What a relief! (and a waste of time, but now I am secure I guess)