How to detect weak SSH keys affected by CVE-2021-41117

Çağlar Arlı

Recently, GitLab[1] and GitKraken[2] notified users about a vulnerability in GitKraken version v in range 7.6.0<=v<=8.0.0. Those versions are affected by CVE-2021-41117[3] and therefore generate weak SSH keys. Now, as an administrator of a GitLab instance, I want to know if any of my users use weak keys generated by a vulnerable GitKraken version.

I'd be grateful for any tips on how to tell if a keypair is weak, having a public key.

[1] https://about.gitlab.com/blog/2021/10/11/notice-for-gitkraken-users-with-gitlab/
[2] https://www.gitkraken.com/blog/weak-ssh-key-fix
[3] https://nvd.nist.gov/vuln/detail/CVE-2021-41117