"A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates."

This weakness is specific to Ubuntu and Debian systems. You can scan systems for weak keys; Debian has distributed a blacklist for rsa2 and dsa2 keys. I generated an rsa1 key blacklist for some legacy systems that are still using SSH V1.

[[http://vapid.dhs.org/rsa1-1024-fingerprints.gz|rsa1-1024 fingerprints]]

[[http://vapid.dhs.org/rsa1-2048-fingerprints.gz|rsa1-2048 fingerprints]]
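One way to scan SSH protocol 1 public keys against such a blacklist, as an added example (not code from this page, Debian, or the Metasploit tools). It assumes the blacklist holds one MD5 fingerprint per line, with or without colons; the function names are hypothetical and the sample keys are constructed toy values.

```python
import hashlib

def bn_bytes(n):
    # Minimal big-endian encoding with no leading zero byte
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def rsa1_fingerprint(exponent, modulus):
    # SSH protocol 1 fingerprint: MD5 over modulus bytes followed by exponent bytes
    return hashlib.md5(bn_bytes(modulus) + bn_bytes(exponent)).hexdigest()

def parse_rsa1_line(line):
    """Parse 'bits e n [comment]' (identity.pub) or 'hosts bits e n' (known_hosts)."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    label = ""
    if not fields[0].isdigit():          # leading host list from known_hosts
        label, fields = fields[0], fields[1:]
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        return None                      # e.g. protocol 2 'ssh-rsa AAAA...' lines
    _bits, e, n = (int(f) for f in fields[:3])
    return label or " ".join(fields[3:]) or "(unlabelled)", e, n

def load_blacklist(lines):
    # Assumed format: one MD5 fingerprint per line, with or without colons
    fps = {raw.strip().replace(":", "").lower() for raw in lines}
    return {fp for fp in fps if len(fp) == 32 and set(fp) <= set("0123456789abcdef")}

def scan(key_lines, blacklist):
    """Return (label, fingerprint) for every RSA1 key whose fingerprint is listed."""
    hits = []
    for line in key_lines:
        parsed = parse_rsa1_line(line)
        if parsed and (fp := rsa1_fingerprint(parsed[1], parsed[2])) in blacklist:
            hits.append((parsed[0], fp))
    return hits

# Constructed sample input: toy numbers, not real keys or real blacklist entries
SAMPLE_KEYS = [
    "1024 35 1390719406543 root@legacy-a",
    "legacy-b.example,192.0.2.7 1024 37 9007199254740993",
    "ssh-rsa AAAAB3Nza user@modern",
]
_fp = rsa1_fingerprint(35, 1390719406543)
SAMPLE_BLACKLIST = load_blacklist([":".join(_fp[i:i + 2] for i in range(0, 32, 2))])

if __name__ == "__main__":
    for label, fp in scan(SAMPLE_KEYS, SAMPLE_BLACKLIST):
        print(f"WEAK {label} {fp}")
```

Any key this reports should be regenerated on a patched system and removed from every `authorized_keys` and `known_hosts` file that still lists it.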

Credit

[[http://www.metasploit.com/users/hdm/tools/debian-openssl| H D Moore at metasploit.com]]