River Tarnell wrote:
no, this was for the subversion server. Wikimedia admins don't touch
the toolserver; no such tool has been run here.
- river.

Is it going to be? It might be worth the effort - surely giving
insecure keys the ability to log into the server is far from ideal? Two
or three of the keys which I'd generated recently and used as my
authorized_keys on the toolserver were marked as "weak" by the tool -
and I removed them from the file to avoid the risk... this should be
done for users if not by them (with appropriate warning? motd?)..

*Using the script*:

    wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
    gzip -d dowkd.pl.gz
    perl dowkd.pl user your_username

Check for any "weak key" results.

I've copied dowkd.pl to /tmp on hemlock for those who'd rather copy it
from there than download a 4MB file over and over again :).
Martin
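
Added example, not part of the original email and not dowkd.pl's own code: one way an administrator could run the check on users' behalf, as the message suggests, by comparing the fingerprint of each authorized_keys entry against a blocklist and commenting out matches. The blocklist format, the function names and the sample file are assumptions, and the key blobs are constructed placeholders rather than real keys.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def fingerprint(blob_b64):
    """Hex MD5 of the decoded public-key blob (the classic OpenSSH fingerprint, minus colons)."""
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()

def audit(text, blocklist):
    """Return [(line_no, comment, fingerprint)] for blocklisted authorized_keys entries."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as no-pty may precede the key type, so locate the type token.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except (binascii.Error, ValueError):
            continue  # not a decodable key blob; leave the line alone
        if fp in blocklist:
            hits.append((n, " ".join(fields[idx + 2:]), fp))
    return hits

def disable(text, hits):
    """Comment out flagged lines instead of deleting them, so the owner can see what changed."""
    flagged = {n for n, _, _ in hits}
    return "\n".join(
        "# DISABLED weak key: " + line if n in flagged else line
        for n, line in enumerate(text.splitlines(), 1)
    )

def _blob(seed):
    """Constructed stand-in for a key blob (not a real key)."""
    return base64.b64encode(seed).decode()

# Constructed sample file and blocklist, for illustration only.
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    "ssh-rsa " + _blob(b"constructed-key-A") + " user@laptop",
    "no-pty,no-port-forwarding ssh-rsa " + _blob(b"constructed-key-B") + " user@desktop",
    "ssh-dss " + _blob(b"constructed-key-C") + " user@old",
])
BLOCKLIST = {hashlib.md5(s).hexdigest() for s in (b"constructed-key-B", b"constructed-key-C")}
```

Commenting the entry out rather than deleting it leaves a visible trace in the file, which pairs with the warning to users that the message asks for.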