Drop ssh-vulnkey

Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more.  See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.

28 files changed, 125 insertions, 1502 deletions

diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index 5d98b81a2..f1db2dbdf 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From ec5991d73abdc0b3c43ea9f8a0e99da045e7beb1 Mon Sep 17 00:00:00 2001
+From 490aadd108dc4bf7f4b5084e3336d88ec23f6b19 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -91,7 +91,7 @@ index 7455c94..a3f0a02 100644
  void   auth_clear_options(void);
  int    auth_cert_options(Key *, struct passwd *);
 diff --git a/auth-rsa.c b/auth-rsa.c
-index 6ed152c..9b139c9 100644
+index 545aa49..4624c15 100644
 --- a/auth-rsa.c
 +++ b/auth-rsa.c
 @@ -174,6 +174,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
@@ -104,7 +104,7 @@ index 6ed152c..9b139c9 100644
          * Go though the accepted keys, looking for the current key.  If
          * found, perform a challenge-response dialog to verify that the
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 12eb8a6..7c0ceee 100644
+index 2b3ecb1..4d87f48 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
 @@ -257,6 +257,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 751ba841c..f59df61bd 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 6342b4c70310da7f73e1d54ddae0edde990d95d8 Mon Sep 17 00:00:00 2001
+From d5b4a3617c50cbe9526582979797248af5cbd9d5 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index ca6eee5..7cd3a08 100644
+index b2dbead..7849979 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -289,6 +289,7 @@ install-files:
+@@ -283,6 +283,7 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch
index f43e78500..b97bf0cd5 100644
--- a/debian/patches/consolekit.patch
+++ b/debian/patches/consolekit.patch
@@ -1,4 +1,4 @@
-From cfae2bfa1e95cbb6c7a9799f13b82e8e804ca869 Mon Sep 17 00:00:00 2001
+From 05609b1cb381eafb999214bf4a95138e63abdbf2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:57 +0000
 Subject: Add support for registering ConsoleKit sessions on login
@@ -24,10 +24,10 @@ Patch-Name: consolekit.patch
  create mode 100644 consolekit.h
 
 diff --git a/Makefile.in b/Makefile.in
-index b8f5099..ca6eee5 100644
+index f979926..b2dbead 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -96,7 +96,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+@@ -94,7 +94,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         sftp-server.o sftp-common.o \
         roaming_common.o roaming_serv.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
@@ -35,8 +35,8 @@ index b8f5099..ca6eee5 100644
 +       sandbox-seccomp-filter.o \
 +       consolekit.o
  
- MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+ MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+ MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
 diff --git a/configure b/configure
 index ceb1b5d..78bbcd0 100755
 --- a/configure
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index d02e8ffcb..8edc27f70 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 8a75df792931443e868e574408ed1666208a28c2 Mon Sep 17 00:00:00 2001
+From e1e1e23ca98c59a031217da0ea50b70de5427683 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index 9155a8b..a2928ff 100644
+index dcb8caf..802db1d 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
+@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)
         options->ip_qos_interactive = -1;
         options->ip_qos_bulk = -1;
         options->version_addendum = NULL;
@@ -30,7 +30,7 @@ index 9155a8b..a2928ff 100644
  }
  
  void
-@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -307,6 +308,8 @@ fill_default_server_options(ServerOptions *options)
                 options->ip_qos_bulk = IPTOS_THROUGHPUT;
         if (options->version_addendum == NULL)
                 options->version_addendum = xstrdup("");
@@ -39,7 +39,7 @@ index 9155a8b..a2928ff 100644
         /* Turn privilege separation on by default */
         if (use_privsep == -1)
                 use_privsep = PRIVSEP_NOSANDBOX;
-@@ -360,6 +363,7 @@ typedef enum {
+@@ -357,6 +360,7 @@ typedef enum {
         sKexAlgorithms, sIPQoS, sVersionAddendum,
         sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
         sAuthenticationMethods, sHostKeyAgent,
@@ -47,7 +47,7 @@ index 9155a8b..a2928ff 100644
         sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -501,6 +505,7 @@ static struct {
+@@ -498,6 +502,7 @@ static struct {
         { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
         { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
         { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
@@ -55,7 +55,7 @@ index 9155a8b..a2928ff 100644
         { NULL, sBadOption, 0 }
  };
  
-@@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1641,6 +1646,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 }
                 return 0;
  
@@ -67,10 +67,10 @@ index 9155a8b..a2928ff 100644
                 logit("%s line %d: Deprecated option %s",
                     filename, linenum, arg);
 diff --git a/servconf.h b/servconf.h
-index f655c5b..fd72ce2 100644
+index ab6e346..1891a95 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -188,6 +188,8 @@ typedef struct {
+@@ -187,6 +187,8 @@ typedef struct {
  
         u_int   num_auth_methods;
         char   *auth_methods[MAX_AUTH_METHODS];
@@ -80,7 +80,7 @@ index f655c5b..fd72ce2 100644
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 7efa7ef..6b988fe 100644
+index 46ec1a7..63b9357 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
@@ -94,7 +94,7 @@ index 7efa7ef..6b988fe 100644
             options.version_addendum, newline);
  
 diff --git a/sshd_config.5 b/sshd_config.5
-index 510cc7c..eaf8d01 100644
+index e29604a..50eec53 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -404,6 +404,11 @@ or
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index e706b4a02..3c5af97c3 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From bb5616c94d6d6b97890e90dd01a7ad07c663dc0b Mon Sep 17 00:00:00 2001
+From b65a0ded7a8cfe7d351e28266d7851216d679e05 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -34,10 +34,10 @@ Patch-Name: debian-config.patch
  5 files changed, 53 insertions(+), 3 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 389de7d..2778176 100644
+index c741934..e1e82c5 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1298,7 +1298,7 @@ fill_default_options(Options * options)
+@@ -1292,7 +1292,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
@@ -71,7 +71,7 @@ index 3234321..064b593 100644
 +    GSSAPIAuthentication yes
 +    GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index 5bca932..127540a 100644
+index 7b05e5f..01e7b6f 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
@@ -120,7 +120,7 @@ index 9450141..9cfe28d 100644
  #StrictModes yes
  #MaxAuthTries 6
 diff --git a/sshd_config.5 b/sshd_config.5
-index ec4851a..faf93fc 100644
+index 04b5f1a..ca4cb19 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,33 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 3cb291e97..4349df707 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 145099bdca1b959e2ef3555cd6ce0bc44fb69ce8 Mon Sep 17 00:00:00 2001
+From d77a569da1afcb73c6ddfc934092461eeb4edb53 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 4f9de88ec..a6408c21f 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From cee45b00a94730c9a49a52a967ec08b9c29b9ca2 Mon Sep 17 00:00:00 2001
+From 6a3efad36a54be8fa4de750cd7a555fe925f21cc Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,7 +13,7 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 1497cfc..5bca932 100644
+index a1e18d2..7b05e5f 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -587,6 +587,9 @@ Note that existing names and addresses in known hosts files
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index cb24998a2..0fa00a883 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From c1e7260fe4ed36dddc317655a69a7d4a69b3170a Mon Sep 17 00:00:00 2001
+From 5093448a615dcbab13bbbd3765ac353b827f21aa Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
@@ -12,7 +12,7 @@ Patch-Name: doc-upstart.patch
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/sshd.8 b/sshd.8
-index 6bdd219..b91f08c 100644
+index 95c1845..8e4017b 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -70,7 +70,10 @@ over an insecure network.
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 58966dd74..1cbb93436 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 52e810085e196c457dfda9cad08ce76191d11fe7 Mon Sep 17 00:00:00 2001
+From 797d4dfd543b9d3fe96db6396e902a40b868d5c0 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index 66a59a053..23afe3be9 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From ea2e0af0bc3a683edb32b508c03eb793617f6f31 Mon Sep 17 00:00:00 2001
+From 84589dc348c43ec22b50ede0c2946cf6afd0980d Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 61389cc44..e22410298 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From affb41e3cf23b79a3d165ae0d97689a46a965b6f Mon Sep 17 00:00:00 2001
+From bd3d91c378d549aed56246ad4535aea29db04150 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 22e5a3a..2dcbf31 100644
+index 915a0f7..dab7963 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -141,6 +141,7 @@ typedef enum {
+@@ -140,6 +140,7 @@ typedef enum {
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
         oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
         oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
@@ -37,7 +37,7 @@ index 22e5a3a..2dcbf31 100644
         oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
  
-@@ -263,6 +264,8 @@ static struct {
+@@ -262,6 +263,8 @@ static struct {
         { "ipqos", oIPQoS },
         { "requesttty", oRequestTTY },
         { "ignoreunknown", oIgnoreUnknown },
@@ -46,7 +46,7 @@ index 22e5a3a..2dcbf31 100644
  
         { NULL, oBadOption }
  };
-@@ -939,6 +942,8 @@ parse_int:
+@@ -934,6 +937,8 @@ parse_int:
                 goto parse_flag;
  
         case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 22e5a3a..2dcbf31 100644
                 intptr = &options->server_alive_interval;
                 goto parse_time;
  
-@@ -1404,8 +1409,13 @@ fill_default_options(Options * options)
+@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 22e5a3a..2dcbf31 100644
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 89b25cd..135d833 100644
+index 1fc0a6b..6948680 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -136,8 +136,12 @@ Valid arguments are
@@ -120,10 +120,10 @@ index 89b25cd..135d833 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 18ec81f..510cc7c 100644
+index 525d9c8..e29604a 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1161,6 +1161,9 @@ This avoids infinitely hanging sessions.
+@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
  .Dq no .
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index b3b549cc8..e1073e4ac 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -1,4 +1,4 @@
-From 6d50dc6d561af1bcf41eaf1dc69e7920abe5aa4b Mon Sep 17 00:00:00 2001
+From 9ffc99332ff1bac6be9f0af430268e7981bd3dd2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:08 +0000
 Subject: Fix picky lintian errors about slogin symlinks
@@ -15,12 +15,12 @@ Patch-Name: lintian-symlink-pickiness.patch
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index 7cd3a08..839abbd 100644
+index 7849979..095f4ff 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -296,9 +296,9 @@ install-files:
+@@ -289,9 +289,9 @@ install-files:
+        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
         $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-        $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(bindir)/slogin
 -       ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 +       ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 07682155c..08e1a2f3e 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 7a20ce0712e7b7174a0c079e84568a9e8321c42b Mon Sep 17 00:00:00 2001
+From 6a137c3718ea1afab92b25a018e393cfede4d6a8 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
index f45e2b959..6e41d2ed9 100644
--- a/debian/patches/no-openssl-version-check.patch
+++ b/debian/patches/no-openssl-version-check.patch
@@ -1,4 +1,4 @@
-From bc87a22e258193138419d6615c0e92e4124dbe90 Mon Sep 17 00:00:00 2001
+From 3e3f5462b563ab0f2b4ba67590e5a5735fa17bec Mon Sep 17 00:00:00 2001
 From: Philip Hands <phil@hands.com>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Disable OpenSSL version check
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index afc1fe306..670eea421 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 98517b1b99dceff74e4a1e50d5a345f5b569ad6f Mon Sep 17 00:00:00 2001
+From d087ec8cf190df54fa8cb77c6ffd55a819dd1777 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,7 +44,7 @@ index ef0de08..149846c 100644
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 144be7d..753cc62 100644
+index 0d55854..151cab0 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
 @@ -171,9 +171,7 @@ key in
@@ -88,7 +88,7 @@ index 144be7d..753cc62 100644
  The file format is described in
  .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index 0b38ae1..b3c3924 100644
+index 05ae6ad..6e2e03b 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys,
@@ -103,7 +103,7 @@ index 0b38ae1..b3c3924 100644
  .Pp
  The file
 diff --git a/sshd.8 b/sshd.8
-index a604429..6bdd219 100644
+index b0c7ab6..95c1845 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -70,7 +70,7 @@ over an insecure network.
@@ -124,8 +124,8 @@ index a604429..6bdd219 100644
  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
  The file format is described in
  .Xr moduli 5 .
-@@ -957,7 +957,6 @@ The content of this file is not sensitive; it can be world-readable.
- .Xr ssh-vulnkey 1 ,
+@@ -956,7 +956,6 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr hosts_access 5 ,
 -.Xr login.conf 5 ,
@@ -133,7 +133,7 @@ index a604429..6bdd219 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index eaf8d01..ec4851a 100644
+index 50eec53..04b5f1a 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -283,8 +283,7 @@ This option is only available for protocol version 2.
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index df97fa40f..f6d793751 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From da3ff9786c4c03b2aac4936b28f06b3c152e230d Mon Sep 17 00:00:00 2001
+From 893bd5a6f70b58e1ed98d496c4f465d8c1df71a7 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -36,7 +36,7 @@ index bda83b2..ad960fd 100644
         if (roaming_atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index fbe3284..7efa7ef 100644
+index e5c9835..46ec1a7 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index 5cb0146d8..664abf0ff 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From da5b4ce7296ada332d70133a9ec02ba71c742b7d Mon Sep 17 00:00:00 2001
+From 360257b8a56798d507123ff770f2def408464f00 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 887164beb..71dcecc9c 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 7531f41888f9e40be95a319fb325f6f05dd50751 Mon Sep 17 00:00:00 2001
+From bb3ea9f222f7f0fe9b449b75bfae93513f7ca3e2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/series b/debian/patches/series
index ced2bbd1e..5d21e57d1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,6 @@
 gssapi.patch
 selinux-role.patch
-ssh-vulnkey.patch
+ssh-vulnkey-compat.patch
 ssh1-keepalive.patch
 keepalive-extensions.patch
 syslog-level-silent.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 8f09b936a..a7540eb34 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From b5f3be892e6d7150e7885133228fd03af69a11bc Mon Sep 17 00:00:00 2001
+From 7231af57ca3efb451ace1b8e056fa0e52c67654e Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index febcbc86a..7776b6d11 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 6fba9b85d3529fd3e1ca03dff3e457f04b3e39dd Mon Sep 17 00:00:00 2001
+From 727d51f30918f6635f06694f71f4318a6038296d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -12,10 +12,10 @@ Patch-Name: sigstop.patch
  1 file changed, 4 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index 6b988fe..72e9eaf 100644
+index 63b9357..fd7f182 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1914,6 +1914,10 @@ main(int ac, char **av)
+@@ -1909,6 +1909,10 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 3760e8c14..9ae105960 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 92a81c0caf44c15d3a07cf1f36470ca05c11ff1e Mon Sep 17 00:00:00 2001
+From ad4f5086a0f0c47daf04be484ff310101551e48a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index b15f251ef..138a3632a 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From b339802cbe8c304541273029a1c9c3c639725643 Mon Sep 17 00:00:00 2001
+From 901a9e09f92a72c4a627af9feffdd39fb805e95d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,7 +18,7 @@ Patch-Name: ssh-argv0.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index b3c3924..c0cc12f 100644
+index 6e2e03b..63b0573 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1451,6 +1451,7 @@ if an error occurred.
@@ -28,4 +28,4 @@ index b3c3924..c0cc12f 100644
 +.Xr ssh-argv0 1 ,
  .Xr ssh-keygen 1 ,
  .Xr ssh-keyscan 1 ,
- .Xr ssh-vulnkey 1 ,
+ .Xr tun 4 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
new file mode 100644
index 000000000..50d500f6d
--- /dev/null
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -0,0 +1,42 @@
+From bdc94de85ed7dbafb949c239d7c3eff23ea4aa28 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@ubuntu.com>
+Date: Sun, 9 Feb 2014 16:09:50 +0000
+Subject: Accept obsolete ssh-vulnkey configuration options
+
+These options were used as part of Debian's response to CVE-2008-0166.
+Nearly six years later, we no longer need to continue carrying the bulk
+of that patch, but we do need to avoid failing when the associated
+configuration options are still present.
+
+Last-Update: 2014-02-09
+
+Patch-Name: ssh-vulnkey-compat.patch
+---
+ readconf.c | 1 +
+ servconf.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/readconf.c b/readconf.c
+index 2695fd6..915a0f7 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -161,6 +161,7 @@ static struct {
+        { "passwordauthentication", oPasswordAuthentication },
+        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
+        { "kbdinteractivedevices", oKbdInteractiveDevices },
++       { "useblacklistedkeys", oDeprecated },
+        { "rsaauthentication", oRSAAuthentication },
+        { "pubkeyauthentication", oPubkeyAuthentication },
+        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
+diff --git a/servconf.c b/servconf.c
+index c938ae3..dcb8caf 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -451,6 +451,7 @@ static struct {
+        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
+        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
+        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
++       { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
+        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
+        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
+        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
deleted file mode 100644
index ae262083d..000000000
--- a/debian/patches/ssh-vulnkey.patch
+++ /dev/null
@@ -1,1419 +0,0 @@
-From 8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@ubuntu.com>
-Date: Sun, 9 Feb 2014 16:09:50 +0000
-Subject: Reject vulnerable keys to mitigate Debian OpenSSL flaw
-
-In 2008, Debian (and derived distributions such as Ubuntu) shipped an
-OpenSSL package with a flawed random number generator, causing OpenSSH to
-generate only a very limited set of keys which were subject to private half
-precomputation.  To mitigate this, this patch checks key authentications
-against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
-program which can be used to explicitly check keys against that blacklist.
-See CVE-2008-0166.
-
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
-Last-Update: 2013-09-14
-
-Patch-Name: ssh-vulnkey.patch
----
- Makefile.in       |  17 ++-
- auth-rh-rsa.c     |   2 +-
- auth-rsa.c        |   2 +-
- auth.c            |  27 +++-
- auth.h            |   2 +-
- auth2-hostbased.c |   2 +-
- auth2-pubkey.c    |   5 +-
- authfile.c        | 136 +++++++++++++++++++
- authfile.h        |   2 +
- pathnames.h       |   7 +
- readconf.c        |   9 ++
- readconf.h        |   1 +
- servconf.c        |  11 +-
- servconf.h        |   1 +
- ssh-add.1         |   5 +
- ssh-add.c         |  10 +-
- ssh-keygen.1      |   1 +
- ssh-vulnkey.1     | 242 ++++++++++++++++++++++++++++++++++
- ssh-vulnkey.c     | 386 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ssh.1             |   1 +
- ssh.c             |  18 ++-
- ssh_config.5      |  17 +++
- sshconnect2.c     |   4 +-
- sshd.8            |   1 +
- sshd.c            |   5 +
- sshd_config.5     |  14 ++
- 26 files changed, 913 insertions(+), 15 deletions(-)
- create mode 100644 ssh-vulnkey.1
- create mode 100644 ssh-vulnkey.c
-
-diff --git a/Makefile.in b/Makefile.in
-index f979926..b8f5099 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-+SSH_DATADIR=$(datadir)/ssh
- PRIVSEP_PATH=@PRIVSEP_PATH@
- SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
- STRIP_OPT=@STRIP_OPT@
-@@ -37,7 +38,8 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-        -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
-        -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-        -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
--       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
-+       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
-+       -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\"
- 
- CC=@CC@
- LD=@LD@
-@@ -61,7 +63,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
- EXEEXT=@EXEEXT@
- MANFMT=@MANFMT@
- 
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
- 
- LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
-        canohost.o channels.o cipher.o cipher-aes.o \
-@@ -96,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
-        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-        sandbox-seccomp-filter.o
- 
--MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
- MANTYPE                = @MANTYPE@
- 
- CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -176,6 +178,9 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s
- sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
-        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
- 
-+ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
-+       $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+
- # test driver for the loginrec code - not built by default
- logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
-        $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -272,6 +277,7 @@ install-files:
-        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
-        $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
-        $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-+       $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
-        $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-        $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-        $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -286,6 +292,7 @@ install-files:
-        $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-+       $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
-        -rm -f $(DESTDIR)$(bindir)/slogin
-        ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -367,6 +374,7 @@ uninstall:
-        -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
-+       -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
-        -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
-        -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-@@ -379,6 +387,7 @@ uninstall:
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-+       -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
-index b21a0f4..891ec32 100644
---- a/auth-rh-rsa.c
-+++ b/auth-rh-rsa.c
-@@ -44,7 +44,7 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
- {
-        HostStatus host_status;
- 
--       if (auth_key_is_revoked(client_host_key))
-+       if (auth_key_is_revoked(client_host_key, 0))
-                return 0;
- 
-        /* Check if we would accept it using rhosts authentication. */
-diff --git a/auth-rsa.c b/auth-rsa.c
-index 545aa49..6ed152c 100644
---- a/auth-rsa.c
-+++ b/auth-rsa.c
-@@ -237,7 +237,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
-                free(fp);
- 
-                /* Never accept a revoked key */
--               if (auth_key_is_revoked(key))
-+               if (auth_key_is_revoked(key, 0))
-                        break;
- 
-                /* We have found the desired key. */
-diff --git a/auth.c b/auth.c
-index 9a36f1d..6662e9a 100644
---- a/auth.c
-+++ b/auth.c
-@@ -59,6 +59,7 @@
- #include "servconf.h"
- #include "key.h"
- #include "hostfile.h"
-+#include "authfile.h"
- #include "auth.h"
- #include "auth-options.h"
- #include "canohost.h"
-@@ -657,10 +658,34 @@ getpwnamallow(const char *user)
- 
- /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
- int
--auth_key_is_revoked(Key *key)
-+auth_key_is_revoked(Key *key, int hostkey)
- {
-        char *key_fp;
- 
-+       if (blacklisted_key(key, &key_fp) == 1) {
-+               if (options.permit_blacklisted_keys) {
-+                       if (hostkey)
-+                               error("Host key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway",
-+                                   key_fp);
-+                       else
-+                               logit("Public key %s from %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway",
-+                                   key_fp, get_remote_ipaddr());
-+                       free(key_fp);
-+               } else {
-+                       if (hostkey)
-+                               error("Host key %s blacklisted (see "
-+                                   "ssh-vulnkey(1))", key_fp);
-+                       else
-+                               logit("Public key %s from %s blacklisted (see "
-+                                   "ssh-vulnkey(1))",
-+                                   key_fp, get_remote_ipaddr());
-+                       free(key_fp);
-+                       return 1;
-+               }
-+       }
-+
-        if (options.revoked_keys_file == NULL)
-                return 0;
-        switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
-diff --git a/auth.h b/auth.h
-index 5b6824f..ec95460 100644
---- a/auth.h
-+++ b/auth.h
-@@ -191,7 +191,7 @@ char        *authorized_principals_file(struct passwd *);
- 
- FILE   *auth_openkeyfile(const char *, struct passwd *, int);
- FILE   *auth_openprincipals(const char *, struct passwd *, int);
--int     auth_key_is_revoked(Key *);
-+int     auth_key_is_revoked(Key *, int);
- 
- HostStatus
- check_key_in_hostfiles(struct passwd *, Key *, const char *,
-diff --git a/auth2-hostbased.c b/auth2-hostbased.c
-index a344dcc..3a17f1b 100644
---- a/auth2-hostbased.c
-+++ b/auth2-hostbased.c
-@@ -150,7 +150,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-        int len;
-        char *fp;
- 
--       if (auth_key_is_revoked(key))
-+       if (auth_key_is_revoked(key, 0))
-                return 0;
- 
-        resolvedname = get_canonical_hostname(options.use_dns);
-diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 2b3ecb1..12eb8a6 100644
---- a/auth2-pubkey.c
-+++ b/auth2-pubkey.c
-@@ -647,9 +647,10 @@ user_key_allowed(struct passwd *pw, Key *key)
-        u_int success, i;
-        char *file;
- 
--       if (auth_key_is_revoked(key))
-+       if (auth_key_is_revoked(key, 0))
-                return 0;
--       if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
-+       if (key_is_cert(key) &&
-+           auth_key_is_revoked(key->cert->signature_key, 0))
-                return 0;
- 
-        success = user_cert_trusted_ca(pw, key);
-diff --git a/authfile.c b/authfile.c
-index 63ae16b..9833591 100644
---- a/authfile.c
-+++ b/authfile.c
-@@ -68,6 +68,7 @@
- #include "rsa.h"
- #include "misc.h"
- #include "atomicio.h"
-+#include "pathnames.h"
- 
- #define MAX_KEY_FILE_SIZE      (1024 * 1024)
- 
-@@ -944,3 +945,138 @@ key_in_file(Key *key, const char *filename, int strict_type)
-        return ret;
- }
- 
-+/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
-+static int
-+blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp)
-+{
-+       int fd = -1;
-+       char *dgst_hex = NULL;
-+       char *dgst_packed = NULL, *p;
-+       int i;
-+       size_t line_len;
-+       struct stat st;
-+       char buf[256];
-+       off_t start, lower, upper;
-+       int ret = 0;
-+
-+       debug("Checking blacklist file %s", blacklist_file);
-+       fd = open(blacklist_file, O_RDONLY);
-+       if (fd < 0) {
-+               ret = -1;
-+               goto out;
-+       }
-+
-+       dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-+       /* Remove all colons */
-+       dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
-+       for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
-+               if (dgst_hex[i] != ':')
-+                       *p++ = dgst_hex[i];
-+       /* Only compare least-significant 80 bits (to keep the blacklist
-+        * size down)
-+        */
-+       line_len = strlen(dgst_packed + 12);
-+       if (line_len > 32)
-+               goto out;
-+
-+       /* Skip leading comments */
-+       start = 0;
-+       for (;;) {
-+               ssize_t r;
-+               char *newline;
-+
-+               r = atomicio(read, fd, buf, sizeof(buf));
-+               if (r <= 0)
-+                       goto out;
-+               if (buf[0] != '#')
-+                       break;
-+
-+               newline = memchr(buf, '\n', sizeof(buf));
-+               if (!newline)
-+                       goto out;
-+               start += newline + 1 - buf;
-+               if (lseek(fd, start, SEEK_SET) < 0)
-+                       goto out;
-+       }
-+
-+       /* Initialise binary search record numbers */
-+       if (fstat(fd, &st) < 0)
-+               goto out;
-+       lower = 0;
-+       upper = (st.st_size - start) / (line_len + 1);
-+
-+       while (lower != upper) {
-+               off_t cur;
-+               int cmp;
-+
-+               cur = lower + (upper - lower) / 2;
-+
-+               /* Read this line and compare to digest; this is
-+                * overflow-safe since cur < max(off_t) / (line_len + 1) */
-+               if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
-+                       break;
-+               if (atomicio(read, fd, buf, line_len) != line_len)
-+                       break;
-+               cmp = memcmp(buf, dgst_packed + 12, line_len);
-+               if (cmp < 0) {
-+                       if (cur == lower)
-+                               break;
-+                       lower = cur;
-+               } else if (cmp > 0) {
-+                       if (cur == upper)
-+                               break;
-+                       upper = cur;
-+               } else {
-+                       debug("Found %s in blacklist", dgst_hex);
-+                       ret = 1;
-+                       break;
-+               }
-+       }
-+
-+out:
-+       free(dgst_packed);
-+       if (ret != 1 && dgst_hex) {
-+               free(dgst_hex);
-+               dgst_hex = NULL;
-+       }
-+       if (fp)
-+               *fp = dgst_hex;
-+       if (fd >= 0)
-+               close(fd);
-+       return ret;
-+}
-+
-+/*
-+ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
-+ * its fingerprint is returned in *fp, unless fp is NULL.
-+ */
-+int
-+blacklisted_key(Key *key, char **fp)
-+{
-+       Key *public;
-+       char *blacklist_file;
-+       int ret, ret2;
-+
-+       public = key_demote(key);
-+       if (public->type == KEY_RSA1)
-+               public->type = KEY_RSA;
-+
-+       xasprintf(&blacklist_file, "%s.%s-%u",
-+           _PATH_BLACKLIST, key_type(public), key_size(public));
-+       ret = blacklisted_key_in_file(public, blacklist_file, fp);
-+       free(blacklist_file);
-+       if (ret > 0) {
-+               key_free(public);
-+               return ret;
-+       }
-+
-+       xasprintf(&blacklist_file, "%s.%s-%u",
-+           _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
-+       ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
-+       free(blacklist_file);
-+       if (ret2 > ret)
-+               ret = ret2;
-+
-+       key_free(public);
-+       return ret;
-+}
-diff --git a/authfile.h b/authfile.h
-index 78349be..3f2bdcb 100644
---- a/authfile.h
-+++ b/authfile.h
-@@ -28,4 +28,6 @@ Key   *key_load_private_pem(int, int, const char *, char **);
- int     key_perm_ok(int, const char *);
- int     key_in_file(Key *, const char *, int);
- 
-+int     blacklisted_key(Key *key, char **fp);
-+
- #endif
-diff --git a/pathnames.h b/pathnames.h
-index 5027fba..47f7867 100644
---- a/pathnames.h
-+++ b/pathnames.h
-@@ -18,6 +18,10 @@
- #define SSHDIR                         ETCDIR "/ssh"
- #endif
- 
-+#ifndef _PATH_SSH_DATADIR
-+#define _PATH_SSH_DATADIR              "/usr/share/ssh"
-+#endif
-+
- #ifndef _PATH_SSH_PIDDIR
- #define _PATH_SSH_PIDDIR               "/var/run"
- #endif
-@@ -44,6 +48,9 @@
- /* Backwards compatibility */
- #define _PATH_DH_PRIMES                        SSHDIR "/primes"
- 
-+#define _PATH_BLACKLIST                        _PATH_SSH_DATADIR "/blacklist"
-+#define _PATH_BLACKLIST_CONFIG         SSHDIR "/blacklist"
-+
- #ifndef _PATH_SSH_PROGRAM
- #define _PATH_SSH_PROGRAM              "/usr/bin/ssh"
- #endif
-diff --git a/readconf.c b/readconf.c
-index 2695fd6..22e5a3a 100644
---- a/readconf.c
-+++ b/readconf.c
-@@ -128,6 +128,7 @@ typedef enum {
-        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
-        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
-        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-+       oUseBlacklistedKeys,
-        oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
-        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
-        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
-@@ -161,6 +162,7 @@ static struct {
-        { "passwordauthentication", oPasswordAuthentication },
-        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
-        { "kbdinteractivedevices", oKbdInteractiveDevices },
-+       { "useblacklistedkeys", oUseBlacklistedKeys },
-        { "rsaauthentication", oRSAAuthentication },
-        { "pubkeyauthentication", oPubkeyAuthentication },
-        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
-@@ -523,6 +525,10 @@ parse_flag:
-                intptr = &options->challenge_response_authentication;
-                goto parse_flag;
- 
-+       case oUseBlacklistedKeys:
-+               intptr = &options->use_blacklisted_keys;
-+               goto parse_flag;
-+
-        case oGssAuthentication:
-                intptr = &options->gss_authentication;
-                goto parse_flag;
-@@ -1210,6 +1216,7 @@ initialize_options(Options * options)
-        options->kbd_interactive_devices = NULL;
-        options->rhosts_rsa_authentication = -1;
-        options->hostbased_authentication = -1;
-+       options->use_blacklisted_keys = -1;
-        options->batch_mode = -1;
-        options->check_host_ip = -1;
-        options->strict_host_key_checking = -1;
-@@ -1320,6 +1327,8 @@ fill_default_options(Options * options)
-                options->rhosts_rsa_authentication = 0;
-        if (options->hostbased_authentication == -1)
-                options->hostbased_authentication = 0;
-+       if (options->use_blacklisted_keys == -1)
-+               options->use_blacklisted_keys = 0;
-        if (options->batch_mode == -1)
-                options->batch_mode = 0;
-        if (options->check_host_ip == -1)
-diff --git a/readconf.h b/readconf.h
-index 675b35d..a508151 100644
---- a/readconf.h
-+++ b/readconf.h
-@@ -59,6 +59,7 @@ typedef struct {
-        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
-        char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
-        int     zero_knowledge_password_authentication; /* Try jpake */
-+       int     use_blacklisted_keys;   /* If true, send */
-        int     batch_mode;     /* Batch mode: do not ask for passwords. */
-        int     check_host_ip;  /* Also keep track of keys for IP address */
-        int     strict_host_key_checking;       /* Strict host key checking. */
-diff --git a/servconf.c b/servconf.c
-index c938ae3..9155a8b 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -114,6 +114,7 @@ initialize_server_options(ServerOptions *options)
-        options->password_authentication = -1;
-        options->kbd_interactive_authentication = -1;
-        options->challenge_response_authentication = -1;
-+       options->permit_blacklisted_keys = -1;
-        options->permit_empty_passwd = -1;
-        options->permit_user_env = -1;
-        options->use_login = -1;
-@@ -257,6 +258,8 @@ fill_default_server_options(ServerOptions *options)
-                options->kbd_interactive_authentication = 0;
-        if (options->challenge_response_authentication == -1)
-                options->challenge_response_authentication = 1;
-+       if (options->permit_blacklisted_keys == -1)
-+               options->permit_blacklisted_keys = 0;
-        if (options->permit_empty_passwd == -1)
-                options->permit_empty_passwd = 0;
-        if (options->permit_user_env == -1)
-@@ -338,7 +341,7 @@ typedef enum {
-        sListenAddress, sAddressFamily,
-        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
-        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
--       sStrictModes, sEmptyPasswd, sTCPKeepAlive,
-+       sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
-        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
-        sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-@@ -451,6 +454,7 @@ static struct {
-        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
-        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
-        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
-+       { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
-        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
-        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
-        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
-@@ -1158,6 +1162,10 @@ process_server_config_line(ServerOptions *options, char *line,
-                intptr = &options->tcp_keep_alive;
-                goto parse_flag;
- 
-+       case sPermitBlacklistedKeys:
-+               intptr = &options->permit_blacklisted_keys;
-+               goto parse_flag;
-+
-        case sEmptyPasswd:
-                intptr = &options->permit_empty_passwd;
-                goto parse_flag;
-@@ -2036,6 +2044,7 @@ dump_config(ServerOptions *o)
-        dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
-        dump_cfg_fmtint(sStrictModes, o->strict_modes);
-        dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
-+       dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
-        dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
-        dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
-        dump_cfg_fmtint(sUseLogin, o->use_login);
-diff --git a/servconf.h b/servconf.h
-index ab6e346..f655c5b 100644
---- a/servconf.h
-+++ b/servconf.h
-@@ -121,6 +121,7 @@ typedef struct {
-        int     challenge_response_authentication;
-        int     zero_knowledge_password_authentication;
-                                        /* If true, permit jpake auth */
-+       int     permit_blacklisted_keys;        /* If true, permit */
-        int     permit_empty_passwd;    /* If false, do not permit empty
-                                         * passwords. */
-        int     permit_user_env;        /* If true, read ~/.ssh/environment */
-diff --git a/ssh-add.1 b/ssh-add.1
-index 44846b6..d394b26 100644
---- a/ssh-add.1
-+++ b/ssh-add.1
-@@ -81,6 +81,10 @@ environment variable must contain the name of its socket for
- .Nm
- to work.
- .Pp
-+Any keys recorded in the blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 )
-+will be refused.
-+.Pp
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl c
-@@ -186,6 +190,7 @@ is unable to contact the authentication agent.
- .Xr ssh 1 ,
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr sshd 8
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
-diff --git a/ssh-add.c b/ssh-add.c
-index 5e8166f..b309582 100644
---- a/ssh-add.c
-+++ b/ssh-add.c
-@@ -167,7 +167,7 @@ static int
- add_file(AuthenticationConnection *ac, const char *filename, int key_only)
- {
-        Key *private, *cert;
--       char *comment = NULL;
-+       char *comment = NULL, *fp;
-        char msg[1024], *certpath = NULL;
-        int fd, perms_ok, ret = -1;
-        Buffer keyblob;
-@@ -243,6 +243,14 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
-        } else {
-                fprintf(stderr, "Could not add identity: %s\n", filename);
-        }
-+       if (blacklisted_key(private, &fp) == 1) {
-+               fprintf(stderr, "Public key %s blacklisted (see "
-+                   "ssh-vulnkey(1)); refusing to add it\n", fp);
-+               free(fp);
-+               key_free(private);
-+               free(comment);
-+               return -1;
-+       }
- 
-        /* Skip trying to load the cert if requested */
-        if (key_only)
-diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 0d55854..144be7d 100644
---- a/ssh-keygen.1
-+++ b/ssh-keygen.1
-@@ -809,6 +809,7 @@ The file format is described in
- .Xr ssh 1 ,
- .Xr ssh-add 1 ,
- .Xr ssh-agent 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr moduli 5 ,
- .Xr sshd 8
- .Rs
-diff --git a/ssh-vulnkey.1 b/ssh-vulnkey.1
-new file mode 100644
-index 0000000..bcb9d31
---- /dev/null
-+++ b/ssh-vulnkey.1
-@@ -0,0 +1,242 @@
-+.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
-+.\"
-+.\" Redistribution and use in source and binary forms, with or without
-+.\" modification, are permitted provided that the following conditions
-+.\" are met:
-+.\" 1. Redistributions of source code must retain the above copyright
-+.\"    notice, this list of conditions and the following disclaimer.
-+.\" 2. Redistributions in binary form must reproduce the above copyright
-+.\"    notice, this list of conditions and the following disclaimer in the
-+.\"    documentation and/or other materials provided with the distribution.
-+.\"
-+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+.\"
-+.Dd $Mdocdate: May 12 2008 $
-+.Dt SSH-VULNKEY 1
-+.Os
-+.Sh NAME
-+.Nm ssh-vulnkey
-+.Nd check blacklist of compromised keys
-+.Sh SYNOPSIS
-+.Nm
-+.Op Fl q | Fl v
-+.Ar file ...
-+.Nm
-+.Fl a
-+.Sh DESCRIPTION
-+.Nm
-+checks a key against a blacklist of compromised keys.
-+.Pp
-+A substantial number of keys are known to have been generated using a broken
-+version of OpenSSL distributed by Debian which failed to seed its random
-+number generator correctly.
-+Keys generated using these OpenSSL versions should be assumed to be
-+compromised.
-+This tool may be useful in checking for such keys.
-+.Pp
-+Keys that are compromised cannot be repaired; replacements must be generated
-+using
-+.Xr ssh-keygen 1 .
-+Make sure to update
-+.Pa authorized_keys
-+files on all systems where compromised keys were permitted to authenticate.
-+.Pp
-+The argument list will be interpreted as a list of paths to public key files
-+or
-+.Pa authorized_keys
-+files.
-+If no suitable file is found at a given path,
-+.Nm
-+will append
-+.Pa .pub
-+and retry, in case it was given a private key file.
-+If no files are given as arguments,
-+.Nm
-+will check
-+.Pa ~/.ssh/id_rsa ,
-+.Pa ~/.ssh/id_dsa ,
-+.Pa ~/.ssh/identity ,
-+.Pa ~/.ssh/authorized_keys
-+and
-+.Pa ~/.ssh/authorized_keys2 ,
-+as well as the system's host keys if readable.
-+.Pp
-+If
-+.Dq -
-+is given as an argument,
-+.Nm
-+will read from standard input.
-+This can be used to process output from
-+.Xr ssh-keyscan 1 ,
-+for example:
-+.Pp
-+.Dl $ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
-+.Pp
-+Unless the
-+.Cm PermitBlacklistedKeys
-+option is used,
-+.Xr sshd 8
-+will reject attempts to authenticate with keys in the compromised list.
-+.Pp
-+The output from
-+.Nm
-+looks like this:
-+.Pp
-+.Bd -literal -offset indent
-+/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
-+/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
-+/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
-+.Ed
-+.Pp
-+Each line is of the following format (any lines beginning with
-+.Dq #
-+should be ignored by scripts):
-+.Pp
-+.Dl Ar filename : Ns Ar line : Ar status : Ar type Ar size Ar fingerprint Ar comment
-+.Pp
-+It is important to distinguish between the possible values of
-+.Ar status :
-+.Pp
-+.Bl -tag -width Ds
-+.It COMPROMISED
-+These keys are listed in a blacklist file, normally because their
-+corresponding private keys are well-known.
-+Replacements must be generated using
-+.Xr ssh-keygen 1 .
-+.It Not blacklisted
-+A blacklist file exists for this key type and size, but this key is not
-+listed in it.
-+Unless there is some particular reason to believe otherwise, this key
-+may be used safely.
-+(Note that DSA keys used with the broken version of OpenSSL distributed
-+by Debian may be compromised in the event that anyone captured a network
-+trace, even if they were generated with a secure version of OpenSSL.)
-+.It Unknown (blacklist file not installed)
-+No blacklist file exists for this key type and size.
-+You should find a suitable published blacklist and install it before
-+deciding whether this key is safe to use.
-+.El
-+.Pp
-+The options are as follows:
-+.Bl -tag -width Ds
-+.It Fl a
-+Check keys of all users on the system.
-+You will typically need to run
-+.Nm
-+as root to use this option.
-+For each user,
-+.Nm
-+will check
-+.Pa ~/.ssh/id_rsa ,
-+.Pa ~/.ssh/id_dsa ,
-+.Pa ~/.ssh/identity ,
-+.Pa ~/.ssh/authorized_keys
-+and
-+.Pa ~/.ssh/authorized_keys2 .
-+It will also check the system's host keys.
-+.It Fl q
-+Quiet mode.
-+Normally,
-+.Nm
-+outputs the fingerprint of each key scanned, with a description of its
-+status.
-+This option suppresses that output.
-+.It Fl v
-+Verbose mode.
-+Normally,
-+.Nm
-+does not output anything for keys that are not listed in their corresponding
-+blacklist file (although it still produces output for keys for which there
-+is no blacklist file, since their status is unknown).
-+This option causes
-+.Nm
-+to produce output for all keys.
-+.El
-+.Sh EXIT STATUS
-+.Nm
-+will exit zero if any of the given keys were in the compromised list,
-+otherwise non-zero.
-+.Sh BLACKLIST FILE FORMAT
-+The blacklist file may start with comments, on lines starting with
-+.Dq # .
-+After these initial comments, it must follow a strict format:
-+.Pp
-+.Bl -bullet -offset indent -compact
-+.It
-+All the lines must be exactly the same length (20 characters followed by a
-+newline) and must be in sorted order.
-+.It
-+Each line must consist of the lower-case hexadecimal MD5 key fingerprint,
-+without colons, and with the first 12 characters removed (that is, the least
-+significant 80 bits of the fingerprint).
-+.El
-+.Pp
-+The key fingerprint may be generated using
-+.Xr ssh-keygen 1 :
-+.Pp
-+.Dl $ ssh-keygen -l -f /path/to/key
-+.Pp
-+This strict format is necessary to allow the blacklist file to be checked
-+quickly, using a binary-search algorithm.
-+.Sh FILES
-+.Bl -tag -width Ds
-+.It Pa ~/.ssh/id_rsa
-+If present, contains the protocol version 2 RSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/id_dsa
-+If present, contains the protocol version 2 DSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/identity
-+If present, contains the protocol version 1 RSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/authorized_keys
-+If present, lists the public keys (RSA/DSA) that can be used for logging in
-+as this user.
-+.It Pa ~/.ssh/authorized_keys2
-+Obsolete name for
-+.Pa ~/.ssh/authorized_keys .
-+This file may still be present on some old systems, but should not be
-+created if it is missing.
-+.It Pa /etc/ssh/ssh_host_rsa_key
-+If present, contains the protocol version 2 RSA identity of the system.
-+.It Pa /etc/ssh/ssh_host_dsa_key
-+If present, contains the protocol version 2 DSA identity of the system.
-+.It Pa /etc/ssh/ssh_host_key
-+If present, contains the protocol version 1 RSA identity of the system.
-+.It Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-+If present, lists the blacklisted keys of type
-+.Ar TYPE
-+.Pf ( Dq RSA
-+or
-+.Dq DSA )
-+and bit length
-+.Ar LENGTH .
-+The format of this file is described above.
-+RSA1 keys are converted to RSA before being checked in the blacklist.
-+Note that the fingerprints of RSA1 keys are computed differently, so you
-+will not be able to find them in the blacklist by hand.
-+.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-+Same as
-+.Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH ,
-+but may be edited by the system administrator to add new blacklist entries.
-+.El
-+.Sh SEE ALSO
-+.Xr ssh-keygen 1 ,
-+.Xr sshd 8
-+.Sh AUTHORS
-+.An -nosplit
-+.An Colin Watson Aq cjwatson@ubuntu.com
-+.Pp
-+Florian Weimer suggested the option to check keys of all users, and the idea
-+of processing
-+.Xr ssh-keyscan 1
-+output.
-diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
-new file mode 100644
-index 0000000..ca1a5be
---- /dev/null
-+++ b/ssh-vulnkey.c
-@@ -0,0 +1,386 @@
-+/*
-+ * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "includes.h"
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+
-+#include <errno.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
-+#include <openssl/evp.h>
-+
-+#include "xmalloc.h"
-+#include "ssh.h"
-+#include "log.h"
-+#include "key.h"
-+#include "authfile.h"
-+#include "pathnames.h"
-+#include "uidswap.h"
-+#include "misc.h"
-+
-+extern char *__progname;
-+
-+/* Default files to check */
-+static char *default_host_files[] = {
-+       _PATH_HOST_RSA_KEY_FILE,
-+       _PATH_HOST_DSA_KEY_FILE,
-+       _PATH_HOST_KEY_FILE,
-+       NULL
-+};
-+static char *default_files[] = {
-+       _PATH_SSH_CLIENT_ID_RSA,
-+       _PATH_SSH_CLIENT_ID_DSA,
-+       _PATH_SSH_CLIENT_IDENTITY,
-+       _PATH_SSH_USER_PERMITTED_KEYS,
-+       _PATH_SSH_USER_PERMITTED_KEYS2,
-+       NULL
-+};
-+
-+static int verbosity = 0;
-+
-+static int some_keys = 0;
-+static int some_unknown = 0;
-+static int some_compromised = 0;
-+
-+static void
-+usage(void)
-+{
-+       fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
-+       fprintf(stderr, "Options:\n");
-+       fprintf(stderr, "  -a          Check keys of all users.\n");
-+       fprintf(stderr, "  -q          Quiet mode.\n");
-+       fprintf(stderr, "  -v          Verbose mode.\n");
-+       exit(1);
-+}
-+
-+static void
-+describe_key(const char *filename, u_long linenum, const char *msg,
-+    Key *key, const char *comment, int min_verbosity)
-+{
-+       char *fp;
-+
-+       fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-+       if (verbosity >= min_verbosity) {
-+               if (strchr(filename, ':'))
-+                       printf("\"%s\"", filename);
-+               else
-+                       printf("%s", filename);
-+               printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
-+                   key_type(key), key_size(key), fp, comment);
-+       }
-+       free(fp);
-+}
-+
-+static int
-+do_key(const char *filename, u_long linenum,
-+    Key *key, const char *comment)
-+{
-+       Key *public;
-+       int blacklist_status;
-+       int ret = 1;
-+
-+       some_keys = 1;
-+
-+       public = key_demote(key);
-+       if (public->type == KEY_RSA1)
-+               public->type = KEY_RSA;
-+
-+       blacklist_status = blacklisted_key(public, NULL);
-+       if (blacklist_status == -1) {
-+               describe_key(filename, linenum,
-+                   "Unknown (blacklist file not installed)", key, comment, 0);
-+               some_unknown = 1;
-+       } else if (blacklist_status == 1) {
-+               describe_key(filename, linenum,
-+                   "COMPROMISED", key, comment, 0);
-+               some_compromised = 1;
-+               ret = 0;
-+       } else
-+               describe_key(filename, linenum,
-+                   "Not blacklisted", key, comment, 1);
-+
-+       key_free(public);
-+
-+       return ret;
-+}
-+
-+static int
-+do_filename(const char *filename, int quiet_open)
-+{
-+       FILE *f;
-+       char line[SSH_MAX_PUBKEY_BYTES];
-+       char *cp;
-+       u_long linenum = 0;
-+       Key *key;
-+       char *comment = NULL;
-+       int found = 0, ret = 1;
-+
-+       /* Copy much of key_load_public's logic here so that we can read
-+        * several keys from a single file (e.g. authorized_keys).
-+        */
-+
-+       if (strcmp(filename, "-") != 0) {
-+               int save_errno;
-+               f = fopen(filename, "r");
-+               save_errno = errno;
-+               if (!f) {
-+                       char pubfile[MAXPATHLEN];
-+                       if (strlcpy(pubfile, filename, sizeof pubfile) <
-+                           sizeof(pubfile) &&
-+                           strlcat(pubfile, ".pub", sizeof pubfile) <
-+                           sizeof(pubfile))
-+                               f = fopen(pubfile, "r");
-+               }
-+               errno = save_errno; /* earlier errno is more useful */
-+               if (!f) {
-+                       if (!quiet_open)
-+                               perror(filename);
-+                       return -1;
-+               }
-+               if (verbosity > 0)
-+                       printf("# %s\n", filename);
-+       } else
-+               f = stdin;
-+       while (read_keyfile_line(f, filename, line, sizeof(line),
-+                   &linenum) != -1) {
-+               int i;
-+               char *space;
-+               int type;
-+               char *end;
-+
-+               /* Chop trailing newline. */
-+               i = strlen(line) - 1;
-+               if (line[i] == '\n')
-+                       line[i] = '\0';
-+
-+               /* Skip leading whitespace, empty and comment lines. */
-+               for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-+                       ;
-+               if (!*cp || *cp == '\n' || *cp == '#')
-+                       continue;
-+
-+               /* Cope with ssh-keyscan output and options in
-+                * authorized_keys files.
-+                */
-+               space = strchr(cp, ' ');
-+               if (!space)
-+                       continue;
-+               *space = '\0';
-+               type = key_type_from_name(cp);
-+               *space = ' ';
-+               /* Leading number (RSA1) or valid type (RSA/DSA) indicates
-+                * that we have no host name or options to skip.
-+                */
-+               if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
-+                   type == KEY_UNSPEC) {
-+                       int quoted = 0;
-+
-+                       for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-+                               if (*cp == '\\' && cp[1] == '"')
-+                                       cp++;   /* Skip both */
-+                               else if (*cp == '"')
-+                                       quoted = !quoted;
-+                       }
-+                       /* Skip remaining whitespace. */
-+                       for (; *cp == ' ' || *cp == '\t'; cp++)
-+                               ;
-+                       if (!*cp)
-+                               continue;
-+               }
-+
-+               /* Read and process the key itself. */
-+               key = key_new(KEY_RSA1);
-+               if (key_read(key, &cp) == 1) {
-+                       while (*cp == ' ' || *cp == '\t')
-+                               cp++;
-+                       if (!do_key(filename, linenum,
-+                           key, *cp ? cp : filename))
-+                               ret = 0;
-+                       found = 1;
-+               } else {
-+                       key_free(key);
-+                       key = key_new(KEY_UNSPEC);
-+                       if (key_read(key, &cp) == 1) {
-+                               while (*cp == ' ' || *cp == '\t')
-+                                       cp++;
-+                               if (!do_key(filename, linenum,
-+                                   key, *cp ? cp : filename))
-+                                       ret = 0;
-+                               found = 1;
-+                       }
-+               }
-+               key_free(key);
-+       }
-+       if (f != stdin)
-+               fclose(f);
-+
-+       if (!found && filename) {
-+               key = key_load_public(filename, &comment);
-+               if (key) {
-+                       if (!do_key(filename, 1, key, comment))
-+                               ret = 0;
-+                       found = 1;
-+               }
-+               free(comment);
-+       }
-+
-+       return ret;
-+}
-+
-+static int
-+do_host(int quiet_open)
-+{
-+       int i;
-+       struct stat st;
-+       int ret = 1;
-+
-+       for (i = 0; default_host_files[i]; i++) {
-+               if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
-+                       continue;
-+               if (!do_filename(default_host_files[i], quiet_open))
-+                       ret = 0;
-+       }
-+
-+       return ret;
-+}
-+
-+static int
-+do_user(const char *dir)
-+{
-+       int i;
-+       char *file;
-+       struct stat st;
-+       int ret = 1;
-+
-+       for (i = 0; default_files[i]; i++) {
-+               xasprintf(&file, "%s/%s", dir, default_files[i]);
-+               if (stat(file, &st) < 0 && errno == ENOENT) {
-+                       free(file);
-+                       continue;
-+               }
-+               if (!do_filename(file, 0))
-+                       ret = 0;
-+               free(file);
-+       }
-+
-+       return ret;
-+}
-+
-+int
-+main(int argc, char **argv)
-+{
-+       int opt, all_users = 0;
-+       int ret = 1;
-+       extern int optind;
-+
-+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-+       sanitise_stdfd();
-+
-+       __progname = ssh_get_progname(argv[0]);
-+
-+       SSLeay_add_all_algorithms();
-+       log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-+
-+       /* We don't need the RNG ourselves, but symbol references here allow
-+        * ld to link us properly.
-+        */
-+       seed_rng();
-+
-+       while ((opt = getopt(argc, argv, "ahqv")) != -1) {
-+               switch (opt) {
-+               case 'a':
-+                       all_users = 1;
-+                       break;
-+               case 'q':
-+                       verbosity--;
-+                       break;
-+               case 'v':
-+                       verbosity++;
-+                       break;
-+               case 'h':
-+               default:
-+                       usage();
-+               }
-+       }
-+
-+       if (all_users) {
-+               struct passwd *pw;
-+
-+               if (!do_host(0))
-+                       ret = 0;
-+
-+               while ((pw = getpwent()) != NULL) {
-+                       if (pw->pw_dir) {
-+                               temporarily_use_uid(pw);
-+                               if (!do_user(pw->pw_dir))
-+                                       ret = 0;
-+                               restore_uid();
-+                       }
-+               }
-+       } else if (optind == argc) {
-+               struct passwd *pw;
-+
-+               if (!do_host(1))
-+                       ret = 0;
-+
-+               if ((pw = getpwuid(geteuid())) == NULL)
-+                       fprintf(stderr, "No user found with uid %u\n",
-+                           (u_int)geteuid());
-+               else {
-+                       if (!do_user(pw->pw_dir))
-+                               ret = 0;
-+               }
-+       } else {
-+               while (optind < argc)
-+                       if (!do_filename(argv[optind++], 0))
-+                               ret = 0;
-+       }
-+
-+       if (verbosity >= 0) {
-+               if (some_unknown) {
-+                       printf("#\n");
-+                       printf("# The status of some keys on your system is unknown.\n");
-+                       printf("# You may need to install additional blacklist files.\n");
-+               }
-+               if (some_compromised) {
-+                       printf("#\n");
-+                       printf("# Some keys on your system have been compromised!\n");
-+                       printf("# You must replace them using ssh-keygen(1).\n");
-+               }
-+               if (some_unknown || some_compromised) {
-+                       printf("#\n");
-+                       printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
-+               } else if (some_keys && verbosity > 0) {
-+                       printf("#\n");
-+                       printf("# No blacklisted keys!\n");
-+               }
-+       }
-+
-+       return ret;
-+}
-diff --git a/ssh.1 b/ssh.1
-index 62292cc..66a7007 100644
---- a/ssh.1
-+++ b/ssh.1
-@@ -1447,6 +1447,7 @@ if an error occurred.
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr tun 4 ,
- .Xr hosts.equiv 5 ,
- .Xr ssh_config 5 ,
-diff --git a/ssh.c b/ssh.c
-index 87233bc..567248d 100644
---- a/ssh.c
-+++ b/ssh.c
-@@ -1525,7 +1525,7 @@ ssh_session2(void)
- static void
- load_public_identity_files(void)
- {
--       char *filename, *cp, thishost[NI_MAXHOST];
-+       char *filename, *cp, thishost[NI_MAXHOST], *fp;
-        char *pwdir = NULL, *pwname = NULL;
-        int i = 0;
-        Key *public;
-@@ -1583,6 +1583,22 @@ load_public_identity_files(void)
-                public = key_load_public(filename, NULL);
-                debug("identity file %s type %d", filename,
-                    public ? public->type : -1);
-+               if (public && blacklisted_key(public, &fp) == 1) {
-+                       if (options.use_blacklisted_keys)
-+                               logit("Public key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway", fp);
-+                       else
-+                               logit("Public key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); refusing to send it",
-+                                   fp);
-+                       free(fp);
-+                       if (!options.use_blacklisted_keys) {
-+                               key_free(public);
-+                               free(filename);
-+                               filename = NULL;
-+                               public = NULL;
-+                       }
-+               }
-                free(options.identity_files[i]);
-                identity_files[n_ids] = filename;
-                identity_keys[n_ids] = public;
-diff --git a/ssh_config.5 b/ssh_config.5
-index e72919a..8d806c7 100644
---- a/ssh_config.5
-+++ b/ssh_config.5
-@@ -1229,6 +1229,23 @@ is not specified, it defaults to
- .Dq any .
- The default is
- .Dq any:any .
-+.It Cm UseBlacklistedKeys
-+Specifies whether
-+.Xr ssh 1
-+should use keys recorded in its blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 )
-+for authentication.
-+If
-+.Dq yes ,
-+then attempts to use compromised keys for authentication will be logged but
-+accepted.
-+It is strongly recommended that this be used only to install new authorized
-+keys on the remote system, and even then only with the utmost care.
-+If
-+.Dq no ,
-+then attempts to use compromised keys for authentication will be prevented.
-+The default is
-+.Dq no .
- .It Cm UsePrivilegedPort
- Specifies whether to use a privileged port for outgoing connections.
- The argument must be
-diff --git a/sshconnect2.c b/sshconnect2.c
-index 0b13530..93818c9 100644
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -1491,6 +1491,8 @@ pubkey_prepare(Authctxt *authctxt)
- 
-        /* list of keys stored in the filesystem and PKCS#11 */
-        for (i = 0; i < options.num_identity_files; i++) {
-+               if (options.identity_files[i] == NULL)
-+                       continue;
-                key = options.identity_keys[i];
-                if (key && key->type == KEY_RSA1)
-                        continue;
-@@ -1608,7 +1610,7 @@ userauth_pubkey(Authctxt *authctxt)
-                        debug("Offering %s public key: %s", key_type(id->key),
-                            id->filename);
-                        sent = send_pubkey_test(authctxt, id);
--               } else if (id->key == NULL) {
-+               } else if (id->key == NULL && id->filename) {
-                        debug("Trying private key: %s", id->filename);
-                        id->key = load_identity_file(id->filename,
-                            id->userprovided);
-diff --git a/sshd.8 b/sshd.8
-index b0c7ab6..a604429 100644
---- a/sshd.8
-+++ b/sshd.8
-@@ -954,6 +954,7 @@ The content of this file is not sensitive; it can be world-readable.
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr chroot 2 ,
- .Xr hosts_access 5 ,
- .Xr login.conf 5 ,
-diff --git a/sshd.c b/sshd.c
-index e5c9835..fbe3284 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -1688,6 +1688,11 @@ main(int ac, char **av)
-                        sensitive_data.host_pubkeys[i] = NULL;
-                        continue;
-                }
-+               if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
-+                       sensitive_data.host_keys[i] = NULL;
-+                       sensitive_data.host_pubkeys[i] = NULL;
-+                       continue;
-+               }
- 
-                switch (keytype) {
-                case KEY_RSA1:
-diff --git a/sshd_config.5 b/sshd_config.5
-index 525d9c8..18ec81f 100644
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -885,6 +885,20 @@ are refused if the number of unauthenticated connections reaches
- Specifies whether password authentication is allowed.
- The default is
- .Dq yes .
-+.It Cm PermitBlacklistedKeys
-+Specifies whether
-+.Xr sshd 8
-+should allow keys recorded in its blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 ) .
-+If
-+.Dq yes ,
-+then attempts to authenticate with compromised keys will be logged but
-+accepted.
-+If
-+.Dq no ,
-+then attempts to authenticate with compromised keys will be rejected.
-+The default is
-+.Dq no .
- .It Cm PermitEmptyPasswords
- When password authentication is allowed, it specifies whether the
- server allows login to accounts with empty password strings.
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index e563bda7c..1ab818a37 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -1,4 +1,4 @@
-From 4c7ed5c80e5f67277620ac973317cc516b67d0e7 Mon Sep 17 00:00:00 2001
+From 3d498ae4180b8338db5f960865882b3f781aec2a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:51 +0000
 Subject: Partial server keep-alive implementation for SSH1
@@ -57,7 +57,7 @@ index 311dc13..dc76d69 100644
                 server_alive_time = now + options.server_alive_interval;
         }
 diff --git a/ssh_config.5 b/ssh_config.5
-index 8d806c7..89b25cd 100644
+index e72919a..1fc0a6b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -1130,7 +1130,10 @@ If, for example,
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index a1eaa7513..40b26d002 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From bbddcd71a027a33919f859f35dae800335a2de6a Mon Sep 17 00:00:00 2001
+From b8a355b5db58dc489fca181e333dacf5e14f4f1d Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -33,7 +33,7 @@ index 32e1d2e..53e7b65 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 567248d..219a466 100644
+index 87233bc..5502889 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -740,7 +740,7 @@ main(int ac, char **av)
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9382d5086..cfc14523a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 7016a7e8a6b854833132db253fd5e392984bd4ea Mon Sep 17 00:00:00 2001
+From 2bb37315c1e077bc176e703fbf0028a1f6315d37 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -52,10 +52,10 @@ index 06ae7f0..f202787 100644
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 6662e9a..7f6c6c8 100644
+index 9a36f1d..0c45f09 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -408,8 +408,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -407,8 +407,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 6662e9a..7f6c6c8 100644
                         logit("Authentication refused for %.100s: "
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
-@@ -471,8 +470,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -470,8 +469,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
@@ -75,7 +75,7 @@ index 6662e9a..7f6c6c8 100644
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
-@@ -487,8 +485,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -486,8 +484,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
  
                 if (stat(buf, &st) < 0 ||
@@ -216,7 +216,7 @@ index a962f15..0b3bee1 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 2dcbf31..389de7d 100644
+index dab7963..c741934 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -30,6 +30,8 @@
@@ -228,7 +228,7 @@ index 2dcbf31..389de7d 100644
  #ifdef HAVE_UTIL_H
  #include <util.h>
  #endif
-@@ -1160,8 +1162,7 @@ read_config_file(const char *filename, const char *host, Options *options,
+@@ -1155,8 +1157,7 @@ read_config_file(const char *filename, const char *host, Options *options,
  
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
@@ -239,7 +239,7 @@ index 2dcbf31..389de7d 100644
         }
  
 diff --git a/ssh.1 b/ssh.1
-index 66a7007..0b38ae1 100644
+index 62292cc..05ae6ad 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1338,6 +1338,8 @@ The file format and configuration options are described in
@@ -252,10 +252,10 @@ index 66a7007..0b38ae1 100644
  .It Pa ~/.ssh/environment
  Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index 135d833..1497cfc 100644
+index 6948680..a1e18d2 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1382,6 +1382,8 @@ The format of this file is described above.
+@@ -1365,6 +1365,8 @@ The format of this file is described above.
  This file is used by the SSH client.
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not accessible by others.