Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
On Sat, May 31, 2008 at 08:02:53AM +0800, jidanni@jidanni.org wrote:
> Idea: new ssh _client_ that will also block outgoing ssh contacts if bad
> keys are detected.
Yes, this is already on my to-do list.
> CW> /usr/share/doc/openssh-server/README.compromised-keys.gz
> You might want to add some dates into that file, lest they read it
> months later etc.
I think the version numbers are more informative.
> I see there
>
> OpenSSH keys used for user authentication must be manually regenerated,
> including those which may have since been transferred to a different system
> after being generated.
>
> which indeed probably covers somewhat what I'm talking about. But
> doesn't mention the danger present before one does any updating.
"What to do if you are affected: 1. Install the security updates"
Regards,
--
Colin Watson [cjwatson@debian.org]