On Tue, May 13, 2008 at 7:12 PM, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote: > > If you generated your python subversion ssh key during this time on a > > machine fitting the description above, please consider replacing your > > keys. > > > > apt-get update ; apt-get upgrade on debian will provide you with a > > ssh-vulnkey program that can be used to test if your ssh keys are > > valid or not. > > I'll ping all committers for which ssh-vulnkey reports COMPROMISED. > > I personally don't think the threat is severe - unless people also > published their public SSH keys somewhere, there is little chance that > somebody can break in by just guessing them remotely - you still need > to try a lot of combinations for user names and passwords, plus with > subversion, we'll easily recognize doubtful checkins (as we do even > if the committer is legitimate :-). >
Well, I had a break in on my public server (peadrop.com) this week, which had a copy my ssh pubkey. I don't know if the attacker took a look at my pubkeys, but I won't take any change. So, I definitely have to change my key, ASAP. -- Alexandre _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
