After recent not so funny thing with OpenSSL in Debian, I realized that I will have to regenerate most of keys and certificates, because last big changes I did in networking/vpn/ssh setup which involved generating keys are not older than broken OpenSSL appeared in archives.
First obvious thing was SSH keys and cleanup of ~/.ssh/authorized_keys
on
all hosts. While doing that, I realized that I still have there several keys,
which are more or less gone (not that I'd lost them, but I simply stopped to
use them). So it was good opportunity to do cleanup here. While I was at these
changes, cleaning up ~/.ssh/known_hosts
was also good idea, because I still
had there lot of hosts I collected during some of my previous jobs and I
definitely won't (and can not) access these machines anymore. So good, big
cleanup in SSH configuration was forced :-).
Next and harder step was to found out where else I use certificates generated by vulnerable OpenSSL. Server certificates for sure were also generated by OpenSSL, so let's regenerate web and email certificates and hope I did not miss anything.
All this happened yesterday, but today I realized that I missed other even more important thing - OpenVPN certificates. While regenerating certificates, I also found some machine keys which are not really used anymore, so I again could drop some of them. So that was task for this evening and now I'm hopefully really done with this issue and I really hope that this won't happen again in near future, I don't need to cleanup that often ;-).