Call for testing: openssh-9.8
Jochen Bern
Jochen.Bern at binect.de
Tue Jun 18 22:09:16 AEST 2024
On 18.06.24 13:36, Stuart Henderson wrote:
> Not sure whether anything should be done with it, but I noticed so
> thought I'd mention: if you pass ssh-keygen -R a known_hosts file with
> DSA sigs, you get "invalid line" warnings.
Out of interest, did you, perchance, try running an ssh-keygen -l on a
DSA-infested file?
(I added a bit of extra IDS to our monitoring that collects info on the
allowed user pubkeys by running that command on all authorized_keys*
files found on the target machine. Yes, yes, I should probably make that
scanner DELETE all DSA pubkeys it finds on sight, but ...)
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240618/b814f84e/attachment.p7s>
More information about the openssh-unix-dev
mailing list