"Debian and Ubuntu's openssh package includes a check on the SSH host key and also includes a tool to check user keys. Where possible, run ssh-vulnkey -a as root to check all users' keys and authorized_keys for the vulnerable ones"
Source: http://www.sungate.co.uk/?p=314 Alex On Fri, May 16, 2008 at 11:42 AM, Geoffrey S. Mendelson <[EMAIL PROTECTED]> wrote: > Is there a package of some sort that checks your keys to see if they > are vulnerable? > > Since the list of vulnerable keys is known, it should not be too difficult > to write a program which scans your authorized keys file(s) looking for > them. > > Hopefully someone has already and made it available. > > I'm not looking for something that tries to ssh to a user using the > keys, I want an authorized key scanner I can run on my computer. > > Thanks, > > Geoff. > -- > Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > -- | | Alex Alexander | http://linuxized.blogspot.com | http://www.nerd.gr \
