SSH DSA logins on crank.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at
Fri May 23 13:17:32 EDT 2008


On 23.05.2008 17:16, Holger Levsen wrote:
> On Wednesday 21 May 2008 16:06, Chris Ball wrote:
>> Yes.  We have the openssh-blacklist package installed, which contains
>> keyhashes of all possible weak keys and disallows logins using them.
> AFAIK not all possible weak keys, but only for the most popular arches and 
> (definitly only) the popular key lengths.

Holger is right about the blacklist being a useful strict subset of all
weak keys.
The good news is that ssh_keygen only allows 1024 bit DSA keys (the man
page says: "DSA keys must be exactly 1024 bits as specified by FIPS


More information about the Devel mailing list