diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
| commit | 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch) | |
| tree | 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /pathnames.h | |
| parent | 19ccea525446d5a3c2a176d813c505be81b91cbf (diff) | |
* Mitigate OpenSSL security vulnerability:
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
Diffstat (limited to 'pathnames.h')
| -rw-r--r-- | pathnames.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pathnames.h b/pathnames.h index f2571e274..8886e8edd 100644 --- a/pathnames.h +++ b/pathnames.h | |||
| @@ -43,6 +43,8 @@ | |||
| 43 | /* Backwards compatibility */ | 43 | /* Backwards compatibility */ |
| 44 | #define _PATH_DH_PRIMES SSHDIR "/primes" | 44 | #define _PATH_DH_PRIMES SSHDIR "/primes" |
| 45 | 45 | ||
| 46 | #define _PATH_BLACKLIST SSHDIR "/blacklist" | ||
| 47 | |||
| 46 | #ifndef _PATH_SSH_PROGRAM | 48 | #ifndef _PATH_SSH_PROGRAM |
| 47 | #define _PATH_SSH_PROGRAM "/usr/bin/ssh" | 49 | #define _PATH_SSH_PROGRAM "/usr/bin/ssh" |
| 48 | #endif | 50 | #endif |