Hi.

As you might have noticed, there was a big problem discovered in the Debian OpenSSL packages that caused generated SSL keys to be very weak. Among others this affects keys generated for SSH authentication.

For more information see the security advisories for Debian OpenSSL: http://www.debian.org/security/2008/dsa-1571 Debian OpenSSH: http://www.debian.org/security/2008/dsa-1576 Ubuntu: http://www.ubuntu.com/usn/usn-612-1

As a security measure the Debian SSH server will now reject keys that are known to be weak. Custodians that suddenly can't log in to our servers anymore should generate a new key after applying the security updates above or on a different system that doesn't use the affected packages (i.e. a non-Debian derivative).

It currently seems that the hostkey for the main server was not affected, but we might decide to generate a new one in the next days anyway. In this case a fingerprint will be posted here.

Sorry for any inconvienience caused.

Gruesse,