River Tarnell wrote:
no, this was for the subversion server. Wikimedia admins don't touch the toolserver; no such tool has been run here.
- river.
Is it going to be? It might be worth the effort - surely giving insecure keys the ability to log into the server is far from ideal? Two or three of the keys which I'd generated recently and used as my authorized_keys on the toolserver were marked as "weak" by the tool - and I removed them from the file to avoid the risk... this should be done for users if not by them (with appropriate warning? motd?)..
*Using the script*:
wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz gzip -d dowkd.pl.gz perl dowkd.pl user your_username
Check for any "weak key" results.
I've copied dowkd.pl to /tmp on hemlock for those who'd rather copy it from there than download a 4MB file over and over again :).
Martin