* Mitigate OpenSSL security vulnerability:

  - Add key blacklisting support. Keys listed in
    /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
    sshd, unless "PermitBlacklistedKeys yes" is set in
    /etc/ssh/sshd_config.
  - Add a new program, ssh-vulnkey, which can be used to check keys
    against these blacklists.
  - Depend on openssh-blacklist.
  - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
    0.9.8g-9.
  - Automatically regenerate known-compromised host keys, with a
    critical-priority debconf note. (I regret that there was no time to
    gather translations.)

1 files changed, 20 insertions, 0 deletions

diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
index 2cc62f8f1..6c1187e7f 100644
--- a/debian/openssh-server.templates
+++ b/debian/openssh-server.templates
@@ -62,3 +62,23 @@ _Description: Disable challenge-response authentication?
  able to log in using passwords. If you leave it enabled (the default
  answer), then the 'PasswordAuthentication no' option will have no useful
  effect unless you also adjust your PAM configuration in /etc/pam.d/ssh.
+
+Template: ssh/vulnerable_host_keys
+Type: note
+_Description: Vulnerable host keys will be regenerated
+ Some of the OpenSSH server host keys on this system were generated with a
+ version of OpenSSL that had a broken random number generator. As a result,
+ these host keys are from a well-known set, are subject to brute-force
+ attacks, and must be regenerated.
+ .
+ Users of this system should be informed of this change, as they will be
+ prompted about the host key change the next time they log in. Use
+ 'ssh-keygen -l -f HOST_KEY_FILE' after the upgrade has changed to print the
+ fingerprints of the new host keys.
+ .
+ The affected host keys are:
+ .
+ ${HOST_KEYS}
+ .
+ User keys may also be affected by this problem. The 'ssh-vulnkey' command
+ may be used as a partial test for this.