Hi, On 23.05.2008 17:16, Holger Levsen wrote: > On Wednesday 21 May 2008 16:06, Chris Ball wrote: > >> Yes. We have the openssh-blacklist package installed, which contains >> keyhashes of all possible weak keys and disallows logins using them. >> > > AFAIK not all possible weak keys, but only for the most popular arches and > (definitly only) the popular key lengths. >
Holger is right about the blacklist being a useful strict subset of all weak keys. The good news is that ssh_keygen only allows 1024 bit DSA keys (the man page says: "DSA keys must be exactly 1024 bits as specified by FIPS 186-2."). Regards, Carl-Daniel _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel