diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:45:24 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:47:26 +0000 |
commit | d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch) | |
tree | 3179fea9631a318c8a0782dedc7cd690f201af69 /ssh_config.5 | |
parent | d26565af8589d88f824b26f31da493f1056efcf4 (diff) | |
parent | b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff) |
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more. See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 127540a60..01e7b6f23 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -1269,23 +1269,6 @@ is not specified, it defaults to | |||
1269 | .Dq any . | 1269 | .Dq any . |
1270 | The default is | 1270 | The default is |
1271 | .Dq any:any . | 1271 | .Dq any:any . |
1272 | .It Cm UseBlacklistedKeys | ||
1273 | Specifies whether | ||
1274 | .Xr ssh 1 | ||
1275 | should use keys recorded in its blacklist of known-compromised keys (see | ||
1276 | .Xr ssh-vulnkey 1 ) | ||
1277 | for authentication. | ||
1278 | If | ||
1279 | .Dq yes , | ||
1280 | then attempts to use compromised keys for authentication will be logged but | ||
1281 | accepted. | ||
1282 | It is strongly recommended that this be used only to install new authorized | ||
1283 | keys on the remote system, and even then only with the utmost care. | ||
1284 | If | ||
1285 | .Dq no , | ||
1286 | then attempts to use compromised keys for authentication will be prevented. | ||
1287 | The default is | ||
1288 | .Dq no . | ||
1289 | .It Cm UsePrivilegedPort | 1272 | .It Cm UsePrivilegedPort |
1290 | Specifies whether to use a privileged port for outgoing connections. | 1273 | Specifies whether to use a privileged port for outgoing connections. |
1291 | The argument must be | 1274 | The argument must be |