Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect and report keys using old rsa #49

Open
dolmen opened this issue Oct 5, 2022 · 1 comment
Open

Detect and report keys using old rsa #49

dolmen opened this issue Oct 5, 2022 · 1 comment
Labels
feature

Comments

@dolmen
Copy link
Owner

dolmen commented Oct 5, 2022
edited
Loading

From GitHub documentation:

Note: GitHub improved security by dropping older, insecure key types on March 15, 2022.
As of that date, DSA keys (ssh-dss) are no longer supported. You cannot add new DSA keys to your personal account on GitHub.com.
RSA keys (ssh-rsa) with a valid_after before November 2, 2021 may continue to use any signature algorithm. RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.

So we should report old RSA keys that don't use SHA-2.
@dolmen
Copy link
Owner Author

dolmen commented Oct 5, 2022
edited
Loading

Any resources on how to inspect an RSA key would be welcome.

@dolmen dolmen added the feature label Oct 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dolmen