DragonFly kernel List (threaded) for 2008-05
Re: LIST OF COMPROMISED SSH KEYS ON LEAF
Matthew Dillon wrote:
The following accounts on LEAF had compromised keys:
hasso Hasso Tepper
mayurb Mayur Bhosle
thacker Nirmal Thacker
I have disabled the keys in question and I am CCing this to the
account holders as well. Please generate new keys and and email me
(I'll try not to be fooled by hackers faking your from addresses :-)).
:This just in: if you were going to use ssh-vulnkey, debian just announced they
:have been told about (and addressed) another shortcoming of the tool:
I manually checked all the authorized_keys files and none of them had
any options, so I think the scanner found them all.
I know for sure that one key in my authorized_keys on leaf is compromised.
I've moved it away, but it seems that your blacklist files don't match
it. The blacklist files I committed today however match it. You can find
it in my ~/.ssh.
Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ /
Party Enjoy Relax | http://dragonflybsd.org Against HTML \
Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \