From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9487 invoked by alias); 14 May 2008 23:06:31 -0000 Received: (qmail 9480 invoked by uid 22791); 14 May 2008 23:06:31 -0000 X-Spam-Check-By: sourceware.org Received: from mail.codesourcery.com (HELO mail.codesourcery.com) (65.74.133.4) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 14 May 2008 23:06:13 +0000 Received: (qmail 2456 invoked from network); 14 May 2008 23:06:12 -0000 Received: from unknown (HELO digraph.polyomino.org.uk) (joseph@127.0.0.2) by mail.codesourcery.com with ESMTPA; 14 May 2008 23:06:12 -0000 Received: from jsm28 (helo=localhost) by digraph.polyomino.org.uk with local-esmtp (Exim 4.68) (envelope-from ) id 1JwQ30-0007eD-Qp; Wed, 14 May 2008 23:06:10 +0000 Date: Thu, 15 May 2008 01:51:00 -0000 From: "Joseph S. Myers" To: Joe Buck cc: overseers@sourceware.org Subject: Re: ssh keys and the Debian breach In-Reply-To: <20080514222605.GB12257@synopsys.com> Message-ID: References: <20080514222605.GB12257@synopsys.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Mailing-List: contact overseers-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: , Sender: overseers-owner@sourceware.org X-SW-Source: 2008-q2/txt/msg00100.txt.bz2 See ~gccadmin/weak-key-list for a list of some keys that need disabling. This is non-exhaustive because it only includes world-readable keys, and there were lots of warnings from the script about keys it couldn't parse or didn't have a blacklist for their key length; ssh-vulnkey might well produce a different list. -- Joseph S. Myers joseph@codesourcery.com