From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 28640 invoked by alias); 25 Oct 2005 23:20:27 -0000 Mailing-List: contact overseers-help@sourceware.org; run by ezmlm Precedence: bulk List-Archive: List-Post: List-Help: , Sender: overseers-owner@sourceware.org Received: (qmail 28613 invoked by uid 22791); 25 Oct 2005 23:20:23 -0000 Received: from vlsi1.ultra.nyu.edu (HELO vlsi1.ultra.nyu.edu) (128.122.140.213) by sourceware.org (qpsmtpd/0.30-dev) with SMTP; Tue, 25 Oct 2005 23:20:23 +0000 Received: by vlsi1.ultra.nyu.edu (4.1/1.34) id AA21249; Tue, 25 Oct 05 19:24:43 EDT Date: Tue, 25 Oct 2005 23:30:00 -0000 From: kenner@vlsi1.ultra.nyu.edu (Richard Kenner) Message-Id: <10510252324.AA21249@vlsi1.ultra.nyu.edu> To: ian@airs.com Subject: Re: SSH2 public key? Cc: overseers@gcc.gnu.org X-SW-Source: 2005-q4/txt/msg00109.txt.bz2 Well, you sent out an SSH private key. The question is whether you generated a new private/public key pair, using ssh-keygen, before you sent out the public key. Or whether you just sent the public key you already had. Or sent some other random private key that happened to be in a file somewhere. Given the amount of trouble I had getting everything to work, there are likely to be numerous public and private keys around in lots of files on different machines. How would I go about seeing if that particular key private key corresponded to that particular public key? Our problem is that we now have a security hole. Why? I thought the overseers list was basically people who had root access and were therefore trusted? Please generate a new SSH key pair, and send us the new public key. I have absolutely no idea what that means or how to do it! When I switched from using the VanDyke "crt" program to their "securecrt" program, I used it to generate various sets of keys that I copied to various places and kept hacking away until it worked. I never had a good understanding of the process since every machine seemed to have its own mechanism. So basically what you are suggesting would be starting from scratch. That would be bad enough except for the hurricane and now they are saying it might not be until November 15 that I can start the process of getting to one of those machines. As I understand it, I have to start with the Van Dyke program because it can't *import* a private key, but I'm not sure. Is that right? If so, I guess I can work on it, though it'll likely take much of the week.