Tuesday, May 20, 2008

Vyatta VC4 Upgrading OpenSSL

As I mentioned in the previous post, due to an OpenSSL bug in Debian-based systems, it is necessary to upgrade the OpenSSL packages and re-create the ssh keys if you have already used ssh connections to your Vyatta router.

First, I had to stop the ssh service.
configure
delete service ssh
commit
Then I navigated to the ssh directory and deleted the keys.
su
cd /etc/ssh
ls
There were six keys. I removed all of them.
rm ssh_host_*
I upgraded the packages.
apt-get update
apt-get upgrade
The OpenSSL package got upgraded.

After that I wanted to enable the ssh service again.
configure
set service ssh
commit
However, since I deleted all the keys, the service complained about missing keys. Two keys get generated automatically; the others have to be generated manually.
ssh-keygen
Next, I entered the proper path and filename for the rsa keys.
/etc/ssh/ssh_host_rsa_key
I repeated this step for the dsa keys.
ssh-keygen -t dsa
/etc/ssh/ssh_host_dsa_key
Finally, I repeated disabling and enabling the ssh service. Done.
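
A check to run after the procedure above, as an added example that is not part of the original post: it reports host key files in the ssh directory that are missing or that are not newer than the package upgrade, since any key created before the upgrade has to be treated as weak. The function name, the marker file and the MISSING/STALE output format are assumptions of this example; modification time is only a heuristic, because copying or restoring a file changes it.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_host_keys KEY_DIR REF_FILE
#   KEY_DIR  - directory holding the host keys (/etc/ssh in the post)
#   REF_FILE - hypothetical marker file whose mtime marks the upgrade,
#              e.g. one touched right after "apt-get upgrade" finished
# Prints "MISSING <path>" or "STALE <path>", one per line.
# Returns 0 if nothing is wrong, 1 if any key is missing or stale,
# 2 if KEY_DIR or REF_FILE does not exist.
audit_host_keys() {
    key_dir=$1
    ref_file=$2
    [ -d "$key_dir" ] && [ -e "$ref_file" ] || return 2
    problems=0

    # The two key pairs the post regenerates by hand with ssh-keygen.
    for name in ssh_host_rsa_key ssh_host_dsa_key; do
        for f in "$key_dir/$name" "$key_dir/$name.pub"; do
            if [ ! -f "$f" ]; then
                echo "MISSING $f"
                problems=1
            fi
        done
    done

    # Any ssh_host_* file that is not newer than the marker predates the
    # upgraded OpenSSL package and still needs to be regenerated.
    for f in "$key_dir"/ssh_host_*; do
        [ -f "$f" ] || continue   # glob matched nothing
        if [ -z "$(find "$f" -prune -newer "$ref_file")" ]; then
            echo "STALE $f"
            problems=1
        fi
    done

    return "$problems"
}
```
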
