Ubuntu For Free

I have admittedly put it off for way too long. The recent OpenSSL Vulnerability with weak keys prompted me to change that on one of my systems. I was forced to use dist-upgrade when OpenSSL would not update, leaving me to continuously recreating weak keys. While I normally update packages using the command line, I was hesitant of using the GUI for Adept Manager. My previous attempts with dist-upgrade have all been failures (From Edgy to Feisty to Gutsy…) so I was not really expecting a smoothe transition.  I used the GUI Adept Manager because it was the recommended method per the Kubuntu Hardy Heron upgrade documentation. Adept immediately gave me an error and closed the first time I tried. I rebooted and tried again with the same error. I kept trying, and it finally decided it would do it…and it did it well. I rebooted and I was almost unable to tell any difference. I did notice I had the new wallpaper available, but otherwise, OpenSSL let me create new, uncompromised keys… and that was what was important to me. It was so painless, I felt brave and tried it on another server. This time, no error message, and it upgraded just as easily. I still have one workstation remaining on Gutsy, a laptop that I don’t have any pressing need to update. The slow server took about two hours to update, and the faster one took about one hour.

I recently established my network to use SSH connections. My three Ubuntu systems I discovered were using weak keys that had been generated using the flawed packages. If you haven’t been paying attention, Canonical issued USN-612-1 on 5/13/2008. If you’re using keys that have been generated since September 2006, it’s likely that you need to regenerate all keys. If you have any doubts, I encourage you to regenerate all keys. It will affect any key used that was generated on a compromised system. The biggest trouble for me was getting OpenSSL and OpenSSH-server packages to update. I used the ssh-copy-id command to make it the process easy for me.