On Tue, May 20, 2008, Dave Neary wrote:
> On a server, you have your private SSH key, and someone else adds an
> infected public SSH key to authorized_keys. By induction, your key is no
> longer trustworthy, since someone could have connected to your server
> via the untrustworthy key.

 That's pushing quite far; however if you have been using a private DSA
 key with a weak openssl at any time, you should drop it for sure, and
 you should drop all keys generated with a broken openssl.  See
 <http://wiki.debian.org/SSLkeys>.

 I'd also recommend all servers to upgrade to a version of OpenSSH which
 allows rejecting vulnerable keys and to scan authorized_keys file for
 such keys.

-- 
Loïc Minier
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
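
The authorized_keys scan recommended in the message above, as an added example that is not part of the original post or of any OpenSSH tooling: it parses each entry, computes the MD5 fingerprint of the key blob, and reports entries whose fingerprint is on a blocklist. The blocklist contents, the sample file and the helper names are constructed assumptions; a real scan would load fingerprints from a published list of weak keys.

```python
import base64
import binascii
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA public key types

def fingerprint(blob):
    """Colon-separated MD5 fingerprint of a decoded public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_key(line):
    """Return (key_type, blob) for one authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options such as command="..." may precede the key, so search for the
    # type token and confirm the decoded blob embeds the same type name.
    for i, tok in enumerate(fields[:-1]):
        if tok not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        name = tok.encode()
        if blob[:4 + len(name)] == struct.pack(">I", len(name)) + name:
            return tok, blob
    return None

def scan(text, blocklist):
    """Return [(line_number, key_type, fingerprint)] for blocklisted keys."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_key(line)
        if parsed and fingerprint(parsed[1]) in blocklist:
            hits.append((lineno, parsed[0], fingerprint(parsed[1])))
    return hits

def make_blob(key_type, body):
    """Build a constructed blob (not a real key) with a valid type header."""
    return struct.pack(">I", len(key_type)) + key_type.encode() + body

WEAK = make_blob("ssh-rsa", b"constructed-weak")
GOOD = make_blob("ssh-dss", b"constructed-good")
SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-dss " + base64.b64encode(GOOD).decode() + " alice@example",
    'command="echo ssh-rsa x" ssh-rsa ' + base64.b64encode(WEAK).decode() + " bob@example",
])
BLOCKLIST = {fingerprint(WEAK)}  # constructed; stands in for a published list
print(scan(SAMPLE, BLOCKLIST))
```
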
