On Oct 28, 2013, at 5:55 PM, Tomaz Muraus <[email protected]> wrote: > Currently we don't do any kind of ssh key validation inside > the SSHKeyDeployment class. > > I think it would be useful to do the following: > > 1. Validate the SSH key format and make sure it's valid. > 2. Validate size of the RSA keys and error out on potentially weak (<= 1024 > bits) keys. This would be done to increase security consciousness and > discourage people from using weak keys. > > Here is a very quick and simple prototype - > https://github.com/apache/libcloud/pull/170 > > Do you think something like this would be a useful addition to the core?
I think it'd certainly be a nice feature but Libcloud shouldn't be responsible for SSH validation or recommendations for weak keys, IMHO. Jerry
