Ticket #540 (closed task: fixed)
Check all FAS accounts for weak SSH keys
|Reported by:||berrange||Owned by:||nobody|
As per this announcement
any crypto keys (SSH, OpenVPN, DNSSEC, x509 certs etc) generated on a Debian host with OpenSSL in the past ~2 years have weak cryptographic material.
It is likely at least some Fedora accounts have such weak SSH keys registered. That Debian announcement provides a Perl script which can scan for weak keys. To minimise the risk to Fedora infrastructure, this check should be run across all existing registered Fedora accounts with SSH keys, and used to verify all future SSH keys uploaded in FAS.