River Tarnell wrote:
no, this was for the subversion server. Wikimedia admins don't touch the toolserver; no such tool has been run here.- river.
Is it going to be? It might be worth the effort - surely giving insecure keys the ability to log into the server is far from ideal? Two or three of the keys which I'd generated recently and used as my authorized_keys on the toolserver were marked as "weak" by the tool - and I removed them from the file to avoid the risk... this should be done for users if not by them (with appropriate warning? motd?)..
*Using the script*: wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz gzip -d dowkd.pl.gz perl dowkd.pl user your_username Check for any "weak key" results.I've copied dowkd.pl to /tmp on hemlock for those who'd rather copy it from there than download a 4MB file over and over again :).
Martin
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Toolserver-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/toolserver-l
