The new ssl and ssh packages don't work if they are given known vulnerable During upgrade/update they upgrade/replace bad keys
Thanks, Noam Rathaus Beyond Security -----Original Message----- From: "Geoffrey S. Mendelson" <[EMAIL PROTECTED]> Date: Fri, 16 May 2008 11:42:53 To:Israel Linux Mailing list <[email protected]> Subject: SSH vulnerable key package? Is there a package of some sort that checks your keys to see if they are vulnerable? Since the list of vulnerable keys is known, it should not be too difficult to write a program which scans your authorized keys file(s) looking for them. Hopefully someone has already and made it available. I'm not looking for something that tries to ssh to a user using the keys, I want an authorized key scanner I can run on my computer. Thanks, Geoff. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
