author | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
commit | 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch) | |
tree | 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /servconf.h | |
parent | 19ccea525446d5a3c2a176d813c505be81b91cbf (diff) |
* Mitigate OpenSSL security vulnerability:
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 1 |
1 files changed, 1 insertions, 0 deletions
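--- a/servconf.h
+++ b/servconf.h
@@ -94,6 +94,7 @@ typedef struct {
 * authentication. */
 int kbd_interactive_authentication; /* If true, permit */
 int challenge_response_authentication;
+int permit_blacklisted_keys; /* If true, permit */
 int permit_empty_passwd; /* If false, do not permit empty
 * passwords. */
 int permit_user_env; /* If true, read ~/.ssh/environment */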
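Review bot: The comment on the added `permit_blacklisted_keys` field, `/* If true, permit */`, stops before saying what is permitted, so a reader of the struct cannot tell that this flag switches off a security check. I would write it as `int permit_blacklisted_keys; /* If true, accept keys listed in /etc/ssh/blacklist.TYPE-LENGTH */`, matching the commit description. Because the option fails open when set, it is worth confirming that the initialisation and default-filling code leave it at "reject" when the directive is absent from sshd_config; that code is not in this section, which is limited to servconf.h. The enclosing `typedef struct` starts and ends outside the hunk.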