SSH DSA logins on crank.
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Wed May 21 09:27:29 EDT 2008
On 21.05.2008 15:12, Ivan Krstić wrote:
> On May 21, 2008, at 5:58 AM, Carl-Daniel Hailfinger wrote:
>> OK, but then a statement from the user like "I never logged in anywhere
>> from a Debian/Ubuntu system" should suffice to reenable the existing
>> key.
>
> Given the trivial cost of generating a new RSA key and the high
> fallibility of human memory, it's not at all unreasonable to err on
> the side of caution as Chris has done.
So DSA is a no-go from now until the end of time?
Chris Ball wrote:
>>> Please mail sysadmin at rt.laptop.org if you were using a DSA key that you
>>> now need to replace.
>>>
I interpreted the statement above as "replace with a RSA or new DSA
key". Ivan, you seem to interpret it as "replace with a RSA key". Since
Chris wrote he disabled logins with DSA keys, I guess you're right.
Thanks for clarifying.
By the way, will remaining and new RSA keys be tested for bad randomness?
Regards,
Carl-Daniel
More information about the Devel
mailing list