[CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
Karanbir Singh
mail-lists at karan.org
Sat May 17 01:03:24 UTC 2008
- Previous message: [CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
- Next message: [CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Butler wrote:
> In addition to the fixed OpenSSL packages, Debian also released an update to
> OpenSSH that includes a blacklist of the weak keys. With this update, any
> connections attempting to authenticate with a weak key are rejected. There's
> also a utility which searches through user ~/.ssh directories for
> blacklisted keys.
>
> This blacklist would help in securing non-Debian systems as well. Are there
> any plans to include this ssh update in CentOS?

Dag pointed out that Suse is also considering setting up a blacklist of this
nature. I don't mind looking at something like this within CentOS if someone
wants to make a case for it.

Would it be better to just have some tool ( Daniel already brought that up! )
that could audit setups instead of running such a blacklist ?

IMHO, the CentOS team would be open to looking at anything that helps improve
security for the users. And let's also keep an eye on what comes down from
upstream. But till such time as there is an upstream release to address this
issue ( if at all ) nothing stops us from providing the resources required.

-- 
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
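A sketch of the kind of audit tool discussed above, added here as an example; it is not part of the original message and is not the Debian utility or any CentOS tool. It assumes a blocklist given as a set of hex MD5 fingerprints of the decoded public-key blob (the fingerprint form OpenSSH printed at the time); the function names, the blocklist format and the sample keys are all constructed for illustration.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types in scope for this audit (assumption)

def fingerprint(blob):
    """Hex MD5 of the raw public-key blob, without colons."""
    return hashlib.md5(blob).hexdigest()

def parse_keys(text):
    """Yield (lineno, keytype, blob, comment) for each key line of an
    authorized_keys or .pub file; options before the key type are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for i, tok in enumerate(fields):
            if tok in KEY_TYPES and i + 1 < len(fields):
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except (binascii.Error, ValueError):
                    break  # malformed key material: nothing to fingerprint
                yield lineno, tok, blob, " ".join(fields[i + 2:])
                break

def audit(text, blocklist):
    """Return (lineno, keytype, fingerprint, comment) for every listed key."""
    return [(n, t, fingerprint(b), c)
            for n, t, b, c in parse_keys(text) if fingerprint(b) in blocklist]

# Constructed sample data: placeholder blobs, not real keys or real blocklist entries.
WEAK = b"constructed-weak-key-blob"
GOOD = b"constructed-good-key-blob"
b64 = lambda b: base64.b64encode(b).decode()
BLOCKLIST = {fingerprint(WEAK)}
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    "ssh-rsa " + b64(WEAK) + " alice@old-host",
    'from="10.0.0.0/8",no-pty ssh-rsa ' + b64(WEAK) + " backup",
    "ssh-rsa " + b64(GOOD) + " bob@laptop",
    "ssh-rsa not!base64 broken",
])

if __name__ == "__main__":
    for lineno, keytype, fp, comment in audit(SAMPLE, BLOCKLIST):
        print("line %d: %s %s (%s) is on the blocklist" % (lineno, keytype, fp, comment))
```

Run against each user's ~/.ssh/authorized_keys and *.pub files, this reports where a listed key is still trusted, so it can be removed and replaced.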