I'm a bit concerned about the many 1024-bit RSA keys I have on my system. To be on the safe side, I'm removing them and replacing them with newly-generated 2048-bit keys.

I wonder though, why there's no blacklist.RSA-1024 in the openssh-blacklist package? Running ssh-vulnkey tells me "Unknown (no blacklist information)" for all of the 1024-bit RSA keys on my system. This includes my host keys, meaning they weren't automatically replaced by the new openssh-server's postinst.

(Perhaps the ssh-vulnkey -q test should be strengthened to at least warn the user about "unknown" status keys, rather than quietly allowing them?)

Vineet
--
http://www.doorstop.net/