SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Wed May 21 09:27:29 EDT 2008


On 21.05.2008 15:12, Ivan Krstić wrote:
> On May 21, 2008, at 5:58 AM, Carl-Daniel Hailfinger wrote:
>> OK, but then a statement from the user like "I never logged in anywhere
>> from a Debian/Ubuntu system" should suffice to reenable the existing
>> key.
>
> Given the trivial cost of generating a new RSA key and the high
> fallibility of human memory, it's not at all unreasonable to err on
> the side of caution as Chris has done.

So DSA is a no-go from now until the end of time?

Chris Ball wrote:
>>> Please mail sysadmin at rt.laptop.org if you were using a DSA key that you
>>> now need to replace.

I interpreted the statement above as "replace with an RSA or new DSA
key". Ivan, you seem to interpret it as "replace with an RSA key". Since
Chris wrote he disabled logins with DSA keys, I guess you're right.
Thanks for clarifying.

By the way, will remaining and new RSA keys be tested for bad randomness?

Regards,
Carl-Daniel


