search for: vulnkey

...e*. Thus, what I'd like to do is (in the spirit of crack's "nastygram" script), trawl through user .ssh directories and warn users with insecure keys (or warn root). I'm shocked I can't find something that does this with a basic google search. Debian offers their ssh-vulnkey tool, but that checks for something different (weak RNG-seeded keys). Has anyone come across something like this? Better still, written it? It seems to me that something like this should be in /contrib, but that's just me. My ears are open. -Dan *(http://it.slashdot.org/story/12/11/17/1...

...us, what I'd like to do is (in the spirit of crack's "nastygram" script), trawl through user .ssh directories and warn users with insecure keys (or warn root). > > I'm shocked I can't find something that does this with a basic google search.? Debian offers their ssh-vulnkey tool, but that checks for something different (weak RNG-seeded keys). > > Has anyone come across something like this?? Better still, written it? > > It seems to me that something like this should be in /contrib, but that's just me. > > My ears are open. > > -Dan >...

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Summary: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576) Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2