On 18.06.24 13:36, Stuart Henderson wrote:
Not sure whether anything should be done with it, but I noticed so thought I'd mention: if you pass ssh-keygen -R a known_hosts file with DSA sigs, you get "invalid line" warnings.
Out of interest, did you, perchance, try running an ssh-keygen -l on a DSA-infested file?
(I added a bit of extra IDS to our monitoring that collects info on the allowed user pubkeys by running that command on all authorized_keys* files found on the target machine. Yes, yes, I should probably make that scanner DELETE all DSA pubkeys it finds on sight, but ...)
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
