SSH DSA logins on crank.

Chris Ball cjb at
Wed May 21 10:06:56 EDT 2008


   > So DSA is a no-go from now until the end of time?

I'm open to debate on that, though many systems have made that decision; and are no longer allowing DSA logins, for
example.  (I'm curious to hear reasons for wanting to use DSA keys,
now that the RSA patents have expired.)

   > By the way, will remaining and new RSA keys be tested for bad
   > randomness?

Yes.  We have the openssh-blacklist package installed, which contains
keyhashes of all possible weak keys and disallows logins using them.

- Chris.
Chris Ball   <cjb at>

More information about the Devel mailing list