May 15, 2008
Here’s my unofficial take on the OpenSSL/Debian mess:
If you do not understand the implications of which kinds of keys are threatened, then create new keys on a known-patched system (any and all Fedora/RHEL/CentOS systems are known safe) and replace all of your old ones.
Update: Just in case someone is misunderstanding what I’m saying here: I’m not bad-mouthing Debian, and I’m not saying that Fedora is invulnerable to bugs. I am saying that if you’re worried about whether or not the system you’re running can safely generate a new SSH key, you should know that, to the best knowledge at this time, Fedora/CentOS/RHEL are known to be safe for generating new keys with sufficient randomness.
That is all.