oss-sec mailing list archives
Re: OpenSSH key blacklisting
From: Matthias Andree <matthias.andree () gmx de>
Date: Tue, 20 May 2008 17:03:11 +0200
Solar Designer wrote:
Not yet, but we (Openwall) are likely to have a patch within a few days, and this:
On Sat, May 17, 2008 at 04:46:30PM +0200, Robert Buchholz wrote:
There has been approval of your idea inside Gentoo's hardened team.
is one of the reasons for us to go for the effort.
Thank you. For tossing in an end-users view, it is also likely of wider interest since keys generated once may travel (floppy, USB stick, scp/rsync/ssh-add -L, you name it), or systems being cross-"updated" to other operating systems (into/out of Debian/Ubuntu) for instance, so it likely wouldn't hurt to forward the whole blacklisting or at least check tools upstream once everyone is happy with it. It may take some convincing upstream maintainers to help with working around a b0rkup issue that happend by a downstream distro, but anyways, I'd like to do some sort of "ssh-vulnkey -a" on my SUSE boxen (perhaps after some sanity checks such as making sure the file being read by this tool is actually a regular file after opening it and things like that). -- Matthias Andree
Current thread:
- Re: OpenSSH key blacklisting, (continued)
- Re: OpenSSH key blacklisting Solar Designer (May 16)
- Re: OpenSSH key blacklisting Robert Buchholz (May 17)
- Re: OpenSSH key blacklisting Solar Designer (May 17)
- Re: OpenSSH key blacklisting Robert Buchholz (May 17)
- Re: OpenSSH key blacklisting Solar Designer (May 17)
- Re: OpenSSH key blacklisting Kees Cook (May 18)
- Re: OpenSSH key blacklisting Solar Designer (May 18)
- Re: OpenSSH key blacklisting Kees Cook (May 19)
- Re: OpenSSH key blacklisting Solar Designer (May 16)
- Re: OpenSSH key blacklisting Kees Cook (May 19)
- Re: OpenSSH key blacklisting Kees Cook (May 18)
- Re: OpenSSH key blacklisting Matthias Andree (May 20)
- Re: OpenSSH key blacklisting Solar Designer (May 27)
- Re: OpenSSH key blacklisting Dmitry V. Levin (May 27)
- Re: OpenSSH key blacklisting Tim Brown (May 28)
- Re: OpenSSH key blacklisting Sebastian Krahmer (May 28)
- Re: OpenSSH key blacklisting Tim Brown (Jun 02)
- Re: OpenSSH key blacklisting Sebastian Krahmer (Jun 02)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting The Fungi (Jun 04)
- Re: OpenSSH key blacklisting Nathanael Hoyle (Jun 04)
- Re: OpenSSH key blacklisting Jonathan Smith (Jun 04)