diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
| commit | 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch) | |
| tree | 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /authfile.h | |
| parent | 19ccea525446d5a3c2a176d813c505be81b91cbf (diff) | |
* Mitigate OpenSSL security vulnerability:
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
Diffstat (limited to 'authfile.h')
| -rw-r--r-- | authfile.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/authfile.h b/authfile.h index a6c74934d..e47710495 100644 --- a/authfile.h +++ b/authfile.h | |||
| @@ -23,4 +23,7 @@ Key *key_load_private_type(int, const char *, const char *, char **, int *); | |||
| 23 | Key *key_load_private_pem(int, int, const char *, char **); | 23 | Key *key_load_private_pem(int, int, const char *, char **); |
| 24 | int key_perm_ok(int, const char *); | 24 | int key_perm_ok(int, const char *); |
| 25 | 25 | ||
| 26 | char *blacklist_filename(const Key *key); | ||
| 27 | int blacklisted_key(const Key *key); | ||
| 28 | |||
| 26 | #endif | 29 | #endif |