FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 08-24-2008, 03:48 PM
Axel Thimm
 
Default Please restore ssh-dsa

On Sun, Aug 24, 2008 at 09:39:15AM -0600, Stephen John Smoogen wrote:
> 2008/8/24 Axel Thimm <Axel.Thimm@atrpms.net>:
> >> On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
> >> > The primary reason is that it's nearly impossible to tell if the key
> >> > was generated on a Debian system with the compromised OpenSSL
> >> > versions.
> >
> > OK, I checked and it is far from impossible. After all the bug was
> > that there are only 32k possible keys per arch/size/type - Debian has
> > even issued blacklists for all keys of typical und some untypical
> > sizes like 1024/2048/1023/2047/4096/8192 and for some sizes they even
> > packaged it up, see
> >
> > http://packages.debian.org/unstable/main/openssh-blacklist
> > http://packages.debian.org/unstable/main/openssh-blacklist-extra
> >
> > If there is paranoia floating around, then why not use that blacklist
> > in Fedora/RHEL as well instead of nuking all DSA keys and still
> > allowing the bad RSA keys?
>
> All RSA keys were nuked too.

Please read up the complete thread (and maybe the subject line as well
- with nuking of ssh keys I'm not referring to the internally used
ssh keys, which were all replaced, but the nuking of all user DSA keys
for using in FAS/cvs.

s/nuked/banned/g for a better phrasing - sorry, me no naitif ingisch
spieka.
--
Axel.Thimm at ATrpms.net
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 02:05 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org