Due to the recent ssh vulnerability, many releases of Ubuntu found themselves with vulnerable ssh keys.
User Keys
Run ssh-vulnkey to see if you’re unlucky. If you are, you’ll have to regenerate your keys.
ssh-keygen -t rsa
That’s it. If you’re using dsa, use dsa in the above instead of rsa. You should let it overwrite your existing key file. Remember to clean up ~/.ssh/authorized_keys (or ~/.ssh/authorized_keys2) on the servers that might have your old key!
Server Keys
Dumping and re-creating your own keys is okay, but what about the server?
For ssh1 keys, do:
ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
For ssh2 keys, do the following:
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
Note that when you first connect to the server thereafter, it’ll warn you that the keys have changed. Well, obviously, you just regenerated them. You may have to manually edit
~/.ssh/known_hosts
to remove those lines.
Reference