After the recent not-so-funny thing with OpenSSL in Debian, I realized that I
will have to regenerate most of my keys and certificates, because the last big
changes I did in my networking/vpn/ssh setup which involved generating keys are
not older than the appearance of the broken OpenSSL in the archives.

The first obvious thing was SSH keys and a cleanup of ~/.ssh/authorized_keys on
all hosts. While doing that, I realized that I still had several keys there
which are more or less gone (not that I'd lost them, but I simply stopped
using them). So it was a good opportunity to do a cleanup here. While I was
making these changes, cleaning up ~/.ssh/known_hosts was also a good idea,
because I still had a lot of hosts there that I collected during some of my
previous jobs and I definitely won't (and cannot) access these machines
anymore. So a good, big cleanup of the SSH configuration was forced :-).

The next and harder step was to find out where else I use certificates
generated by the vulnerable OpenSSL. Server certificates for sure were also
generated by OpenSSL, so let's regenerate web and email certificates and hope
I did not miss anything.

All this happened yesterday, but today I realized that I missed another, even
more important thing - OpenVPN certificates. While regenerating certificates,
I also found some machine keys which are not really used anymore, so I again
could drop some of them. So that was the task for this evening and now I'm
hopefully really done with this issue. I really hope that this won't happen
again in the near future; I don't need to clean up that often ;-).