16 May
2008
16 May
'08
8:56 a.m.
[please CC me on replies]
On Thu, May 15, 2008 at 08:08:39PM +0200, Daniel de Kok wrote:
Questions on how this may affect CentOS users should be directed to the CentOS users list. List subscription information is available from:
In addition to the fixed OpenSSL packages, Debian also released an update to OpenSSH that includes a blacklist of the weak keys. With this update, any connections attempting to authenticate with a weak key are rejected. There's also a utility which searches through user ~/.ssh directories for blacklisted keys.
This blacklist would help in securing non-Debian systems as well. Are there any plans to include this ssh update in CentOS?
--
Chris Butler
Zedcore Systems Ltd
UK tel: 0114 238 1828
We have moved to: Lydgate House, Lydgate Lane, Sheffield S10 5FH