SSH DSA logins on crank.
c-d.hailfinger.devel.2006 at gmx.net
Fri May 23 13:17:32 EDT 2008
On 23.05.2008 17:16, Holger Levsen wrote:
> On Wednesday 21 May 2008 16:06, Chris Ball wrote:
>> Yes. We have the openssh-blacklist package installed, which contains
>> keyhashes of all possible weak keys and disallows logins using them.
> AFAIK not all possible weak keys, but only for the most popular arches and
> (definitly only) the popular key lengths.
Holger is right about the blacklist being a useful strict subset of all
The good news is that ssh_keygen only allows 1024 bit DSA keys (the man
page says: "DSA keys must be exactly 1024 bits as specified by FIPS
More information about the Devel