[Python-Dev] heads up on svn.python.org ssh keys (original) (raw)
[Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
"Martin v. Löwis" martin at v.loewis.de
Wed May 14 01:12:51 CEST 2008
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If you generated your python subversion ssh key during this time on a machine fitting the description above, please consider replacing your keys.
apt-get update ; apt-get upgrade on debian will provide you with a ssh-vulnkey program that can be used to test if your ssh keys are valid or not.
I'll ping all committers for which ssh-vulnkey reports COMPROMISED.
I personally don't think the threat is severe - unless people also published their public SSH keys somewhere, there is little chance that somebody can break in by just guessing them remotely - you still need to try a lot of combinations for user names and passwords, plus with subversion, we'll easily recognize doubtful checkins (as we do even if the committer is legitimate :-).
Regards, Martin
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]