reset ssh keys, even if only a public key in fedora?

Jon Ciesla limb at jcomserv.net
Tue Aug 19 15:38:25 UTC 2008


> On Tue, 2008-08-19 at 16:04 +0200, Patrice Dumas wrote:
>> Hello,
>>
>> I just received the reset password mail, and it asks me to reset my ssh
>> key by doing ssh-keygen. However, if I recall well I only uploaded my
>> public key to the fedora server. Why would I want to reset my key pair?
>>
>> Maybe I am not one of the users who should reset their key, but I am
>> almost sure that I sent the public key to the fedora server, and it
>> seems to me that it is used for cvs access. So it is unclear if
>> I 'do not use a SSH key in the Fedora Account System'.
>>
>> Am I missing something? Can anybody clarify?
>
> DSA keys can be compromised if the server you connect to is compromised.
> See discussions about the recent openssl debacle for debian.
>
> If your key is an RSA one, to date it seems you shouldn't have problems
> even if a peer server is compromised as long as your private key was not
> directly exposed.
>
> a BIG AFAIK.

My understanding is that RSA is "secure enough*" if your key is 2048 bit
or higher, which incidentally is what the Inf team specified.  Not sure
about DSA/DSS in terms of the compromise issue you specify.  IIRC, the
Debian issue was about the random seed no longer being random due to a
packaging error.

*i.e. unless No Such Agency really, really wants your bits

> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>


-- 
novus ordo absurdum
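
As an added example (not part of the original message or of Fedora's tooling), this Python check reads OpenSSH public-key lines and reports the key type and RSA modulus size against the 2048-bit threshold mentioned above. It assumes lines of the form `type base64 [comment]` with no options prefix; `audit_line`, `make_sample` and the verdict strings are hypothetical names, the sample keys are built from constructed integers, and marking DSA keys for review reflects the concern raised in the quoted message rather than a stated policy.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # threshold mentioned in the thread


def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        n = struct.unpack(">I", blob[pos:pos + 4])[0]
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    return out


def audit_line(line):
    """Return (key_type, bits, verdict) for a 'type base64 [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        return ("unknown", 0, "unparseable")
    ktype = parts[0]
    try:
        fields = _fields(base64.b64decode(parts[1], validate=True))
    except ValueError:  # also covers binascii.Error
        return (ktype, 0, "unparseable")
    if not fields or fields[0] != ktype.encode():
        return (ktype, 0, "type mismatch")
    if ktype == "ssh-rsa" and len(fields) == 3:  # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        return (ktype, bits, "ok" if bits >= MIN_RSA_BITS else "regenerate: RSA too short")
    if ktype == "ssh-dss" and len(fields) == 5:  # fields: type, p, q, g, y
        bits = int.from_bytes(fields[1], "big").bit_length()
        return (ktype, bits, "review: DSA key")
    return (ktype, 0, "not covered by this check")


def make_sample(ktype, *ints):
    """Build a CONSTRUCTED public-key line from arbitrary integers (not a real key)."""
    blob = struct.pack(">I", len(ktype)) + ktype.encode()
    for x in ints:
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # mpint, kept positive
        blob += struct.pack(">I", len(raw)) + raw
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"
```

To check a real key, pass each line of a `.pub` or `authorized_keys` file to `audit_line`; only the public half is read.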



