
Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade



On Sat, May 31, 2008 at 08:02:53AM +0800, jidanni@jidanni.org wrote:
> Idea: new ssh _client_ that will also block outgoing ssh contacts if bad
> keys are detected.

Yes, this is already on my to-do list.

> CW> /usr/share/doc/openssh-server/README.compromised-keys.gz
> You might want to add some dates into that file, lest they read it
> months later etc.

I think the version numbers are more informative.

> I see there
> 
>    OpenSSH keys used for user authentication must be manually regenerated,
>    including those which may have since been transferred to a different system
>    after being generated.
> 
> which indeed probably covers somewhat what I'm talking about. But
> doesn't mention the danger present before one does any updating.

"What to do if you are affected: 1. Install the security updates"

Regards,

-- 
Colin Watson                                       [cjwatson@debian.org]


