Geoffrey S. Mendelson wrote:
Is there a package of some sort that checks your keys to see if they
are vulnerable?
Since the list of vulnerable keys is known, it should not be too difficult
to write a program which scans your authorized keys file(s) looking for them.
Hopefully someone has already and made it available.
I'm not looking for something that tries to ssh to a user using the
keys, I want an authorized key scanner I can run on my computer.
see
http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/
you can get the perl script
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz and run it on
your host with
perl dowkd.pl user your_user
regards
Thanks,
Geoff.
--
Cyril SCETBON
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
