Ahh the irony, apparently Debian has implement just such a feature,
but as patch to ssh within their distro:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg214853.html
On Thu, May 22, 2008 at 11:19:05AM -0700, Abe Singer wrote:
On Wed, May 14, 2008 at 07:52:58PM -0400, Steven M.
Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys? I suspect that a Bloom
filter would be quite compact and efficient.
--Steve Bellovin,
At Wed, 14 May 2008 19:52:58 -0400,
Steven M. Bellovin wrote:
Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys? I suspect that a Bloom
filter would be
On Wed, May 14, 2008 at 07:52:58PM -0400, Steven M. Bellovin wrote:
Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys? I suspect that a Bloom
filter
On Wed, May 14, 2008 at 7:52 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote:
Given the published list of bad ssh keys due to the Debian mistake (see
http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be
updated to contain a blacklist of those keys? I suspect that a Bloom