AIX


**** SSH Extreme Security Vulnerability ****

  • 1.  **** SSH Extreme Security Vulnerability ****

    Posted Thu October 02, 2014 10:01 AM

    Originally posted by: AncientAIXer


    I just discovered a HUGE issue with the openssh filesets distributed with the AIX media, which probably means any openssh fileset from IBM.

    The openssh.base.server fileset includes pre-generated host keys.  This means that anyone on an AIX server has the keys to decrypt any traffic to and from any AIX server that has not generated new keys.

    PLEASE GENERATE NEW HOST KEYS AS SOON AS POSSIBLE.

    To IBM, shame on your developers for allowing this to occur.  Third-party openssh filesets have provided a post-install script in the lpp (yes it is possible to the Windows-tainted Linux developers that become AIX developers) to generate the host keys at installation.  GET YOUR ACT TOGETHER!!


    #AIX-Forum
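A check for the condition the post describes, added here as an example and not part of the original post: given host keys collected from several servers in `ssh-keyscan`/known_hosts format, it reports every key presented by more than one host, then shows one way to replace a server's key. The host names, key strings and the `/etc/ssh` default are constructed or assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input format, one key per line:
#   <host> <keytype> <base64-key>     (what ssh-keyscan prints)

# Print "<keytype> <count> <host,host,...>" for each key seen on 2+ hosts.
shared_host_keys() {
    awk '
        NF < 3 || $1 ~ /^#/ { next }    # skip blanks, comments, short lines
        {
            id = $2 " " $3               # key type + key material = one key
            if (seen[id, $1]++) next     # same host listed twice: count once
            count[id]++
            hosts[id] = (count[id] > 1) ? hosts[id] "," $1 : $1
            type[id] = $2
        }
        END {
            for (id in count)
                if (count[id] > 1) print type[id], count[id], hosts[id]
        }
    ' "$@" | sort
}

# Constructed sample: aix01, aix02 and aix04 still carry identical keys,
# aix03 has already generated its own.
sample_scan() {
    cat <<'EOF'
aix01 ssh-rsa AAAA-CONSTRUCTED-RSA-KEY-A
aix02 ssh-rsa AAAA-CONSTRUCTED-RSA-KEY-A
aix03 ssh-rsa AAAA-CONSTRUCTED-RSA-KEY-B
aix04 ssh-rsa AAAA-CONSTRUCTED-RSA-KEY-A
aix01 ssh-dss AAAA-CONSTRUCTED-DSA-KEY-C
aix02 ssh-dss AAAA-CONSTRUCTED-DSA-KEY-C
# aix03 regenerated its keys
aix03 ssh-dss AAAA-CONSTRUCTED-DSA-KEY-D
EOF
}

# Replace the RSA host key in a directory (assumed default: /etc/ssh).
# Run as root on the affected server, then restart sshd; clients will see a
# changed-host-key warning and need the new fingerprint distributed to them.
regen_rsa_host_key() {
    dir=${1:-/etc/ssh}
    rm -f "$dir/ssh_host_rsa_key" "$dir/ssh_host_rsa_key.pub"
    ssh-keygen -q -t rsa -N '' -f "$dir/ssh_host_rsa_key"
}

sample_scan | shared_host_keys
```

In practice the input would be the saved output of `ssh-keyscan` run against the server inventory; any line this prints names hosts that can impersonate one another until their keys are replaced.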