[Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones (original) (raw)
Alexandre Vassalotti alexandre at peadrop.com
Wed May 14 02:17:53 CEST 2008
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, May 13, 2008 at 7:12 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
> If you generated your python subversion ssh key during this time on a > machine fitting the description above, please consider replacing your > keys. > > apt-get update ; apt-get upgrade on debian will provide you with a > ssh-vulnkey program that can be used to test if your ssh keys are > valid or not.
I'll ping all committers for which ssh-vulnkey reports COMPROMISED. I personally don't think the threat is severe - unless people also published their public SSH keys somewhere, there is little chance that somebody can break in by just guessing them remotely - you still need to try a lot of combinations for user names and passwords, plus with subversion, we'll easily recognize doubtful checkins (as we do even if the committer is legitimate :-).
Well, I had a break in on my public server (peadrop.com) this week, which had a copy my ssh pubkey. I don't know if the attacker took a look at my pubkeys, but I won't take any change. So, I definitely have to change my key, ASAP.
-- Alexandre
- Previous message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Next message: [Python-Dev] heads up on svn.python.org ssh keys - debian/ubuntu users may need new ones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]