[please CC me on replies] On Thu, May 15, 2008 at 08:08:39PM +0200, Daniel de Kok wrote: > Questions on how this may affect CentOS users should be directed to > the CentOS users list. List subscription information is available > from: In addition to the fixed OpenSSL packages, Debian also released an update to OpenSSH that includes a blacklist of the weak keys. With this update, any connections attempting to authenticate with a weak key are rejected. There's also a utility which searches through user ~/.ssh directories for blacklisted keys. This blacklist would help in securing non-Debian systems as well. Are there any plans to include this ssh update in CentOS? -- Chris Butler Zedcore Systems Ltd UK tel: 0114 238 1828 We have moved to: Lydgate House, Lydgate Lane, Sheffield S10 5FH