Chris Butler wrote:
> In addition to the fixed OpenSSL packages, Debian also released an update to
> OpenSSH that includes a blacklist of the weak keys. With this update, any
> connections attempting to authenticate with a weak key are rejected. There's
> also a utility which searches through user ~/.ssh directories for
> blacklisted keys.
>
> This blacklist would help in securing non-Debian systems as well. Are there
> any plans to include this ssh update in CentOS?

Dag pointed out that Suse is also considering setting up a blacklist of this nature. I don't mind looking at something like this within CentOS if someone wants to make a case for it.

Would it be better to just have some tool (Daniel already brought that up!) that could audit setups instead of running such a blacklist?

IMHO, the CentOS team would be open to looking at anything that helps improve security for the users. And let's also keep an eye on what comes down from upstream. But till such time as there is an upstream release to address this issue (if at all), nothing stops us from providing the resources required.

--
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
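
A sketch of the kind of audit tool discussed in this thread, added here as an example and not part of the original message or of any Debian or CentOS package. It assumes a blacklist of full MD5 key fingerprints (a hypothetical format); the function names and all sample keys are constructed for illustration.

```python
import base64
import binascii
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-dss"}

def fingerprint(blob_b64):
    """MD5 fingerprint (32 hex chars) of the base64-decoded public key blob."""
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()

def audit_authorized_keys(text, blacklist):
    """Return (line_no, comment, fingerprint) for every blacklisted key."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An options field (no-pty, command="...") may precede the key type,
        # so locate the key type instead of assuming it is the first field.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except (binascii.Error, ValueError):
            continue  # malformed key data: nothing to compare
        if fp in blacklist:
            hits.append((line_no, " ".join(fields[idx + 2:]), fp))
    return hits

# Constructed sample data: these blobs are placeholders, not real keys.
WEAK = base64.b64encode(b"constructed weak key blob").decode()
GOOD = base64.b64encode(b"constructed good key blob").decode()
SAMPLE = f"""# constructed authorized_keys file
ssh-rsa {GOOD} alice@laptop
no-pty,no-port-forwarding ssh-rsa {WEAK} backup@oldhost
ssh-dss not*base64 broken@entry
"""
BLACKLIST = {fingerprint(WEAK)}  # assumed format: full MD5 fingerprints

if __name__ == "__main__":
    for line_no, comment, fp in audit_authorized_keys(SAMPLE, BLACKLIST):
        print(f"line {line_no}: blacklisted key {fp} ({comment})")
```

An audit like this only reports keys already installed on a host, whereas the blacklist in the OpenSSH update rejects a weak key at authentication time.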