Prevent users from using the CVE-2008-0166 keys
Proposal
Following #24614 (closed) we now have the pieces in place to block known compromised SSH keys.
https://github.com/g0tmi1k/debian-ssh contains 32 767 keys that should be avoided because they were generated with a version of OpenSSL that contained a bug (CVE-2008-0166). We've seen users use those keys in the past (see https://gitlab.com/gitlab-com/gl-security/security-operations/sirt/operations/-/issues/899, confidential issue) and currently don't prevent them from being used again.
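A sketch of the kind of check this proposal asks for, added here as an example; it is not GitLab's implementation. It assumes the denylist is held as a set of SHA256 fingerprints computed from the known-weak public keys. All function names are hypothetical, and the sample keys are constructed stand-ins rather than real or weak keys.

```python
import base64
import hashlib
import struct


def parse_public_key(line):
    """Return (key_type, blob) from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)  # raises ValueError on junk
    # The blob begins with a length-prefixed copy of the key type (RFC 4253).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the 'SHA256:<unpadded base64>' form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def build_denylist(key_lines):
    """Assumed denylist format: a set of SHA256 fingerprints of the weak keys."""
    return {sha256_fingerprint(parse_public_key(k)[1]) for k in key_lines}


def is_denied(line, denylist):
    # Hash the decoded blob, so editing the comment or spacing cannot evade the check.
    return sha256_fingerprint(parse_public_key(line)[1]) in denylist


def make_sample_key(seed):
    """Constructed stand-in key line for the demo; not a real or weak key."""
    def s(data):
        return struct.pack(">I", len(data)) + data
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + hashlib.sha256(seed).digest() * 8)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample"


if __name__ == "__main__":
    deny = build_denylist([make_sample_key(b"weak")])
    print(is_denied(make_sample_key(b"weak"), deny), is_denied(make_sample_key(b"ok"), deny))
```

Rejecting lines whose declared type disagrees with the blob keeps a malformed upload from being stored under a fingerprint that was never compared against the list.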