Seems to work for me now. I did notice that apparently there was an
old copy of id_rsa.keystore on the system that did have a copy of the
only Debian generated key that I had removed and re-generated.
Removing that file let me upload my same key to upload and access my
git repository.
On May 21,
Ok, weak authkey checker is back in, and should work properly this
time. Post if you have any problems with it in either direction -
being able to upload a weak key, or not being able to upload a
verifiably strong key.
Adam
--~--~-~--~~~---~--~~
You received this
Yesterday, I was able to get an approved key by including
numbers, punctuation marks, upper and lower case characters,
a total of 11 characters.
Kevin
Adam Wiggins wrote:
> Oops, looks like the key checker tool is always returning a bad value.
> I've disabled the check for now.
>
> Note that
Oops, looks like the key checker tool is always returning a bad value.
I've disabled the check for now.
Note that the upgraded Debian packages still blacklist weak keys, so
without this check a weak key still won't work, but you won't get any
helpful message about it, just a permission denied.
Can add me to the list of people hosed by Heroku's vulnerable key
check failing miserably. I have a key generated on Fedora which is
unaffected by the Debian openssl/openssh vulnerable. Nonetheless I've
tested my keys anyway and none of them are listed as vulnerable yet
Heroku's servers continue t
I have same problem. ssh-vulkey shows no blacklisted keys but when
I'm trying git pull a receive access denied message.
On 20 maio, 22:26, Matthew Williams <[EMAIL PROTECTED]>
wrote:
> I believe I'm patched and not showing any vulnerable keys but every
> key I'm trying to upload gets denied...
I believe I'm patched and not showing any vulnerable keys but every
key I'm trying to upload gets denied...
Thoughts?
Running the latest Ubuntu release that appears to be patched (all
updates have been run, ssh-vulkey shows no blacklisted keys). I've
wiped my .ssh dir and regenerated everything
You guys may know about the Debian ssh key vulnerability announced last week:
http://www.ubuntu.com/usn/usn-612-2
If you haven't, here's the quick summary: keys generated on Debian and
Debian-derived distros, including Ubuntu, may be weak. We've thereby
had to revoke any weak keys that have bee