[unisog] FYI: Debian/Ubuntu SSL/SSH vulnerability, logging issues

Florian Weimer fw at deneb.enyo.de
Fri May 23 19:18:56 GMT 2008


* Michael Holstein:

> Even better, you can test over the network for it.
>
> Use "debian_ssh_scan_v4.py" from : http://itsecurity.net/
> You'll need the latest Paramiko module : http://www.lag.net/paramiko/

I wish it were that easy.  This way, you only find weak host keys.  But
weak user keys are the main problem. 8-(


More information about the unisog mailing list