Reject vulnerable keys to mitigate Debian OpenSSL flaw

In 2008, Debian (and derived distributions such as Ubuntu) shipped an OpenSSL package with a flawed random number generator, causing OpenSSH to generate only a very limited set of keys which were subject to private half precomputation. To mitigate this, this patch checks key authentications against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey program which can be used to explicitly check keys against that blacklist. See CVE-2008-0166. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Last-Update: 2013-09-14 Patch-Name: ssh-vulnkey.patch
author: Colin Watson <cjwatson@ubuntu.com> 2014-02-09 16:09:50 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 16:17:31 +0000
commit: 8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 (patch)
tree: ebee4092f1411059e34da6f66b4ebd64f4411020 /ssh_config.5
parent: 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index e72919a89..8d806c701 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1229,6 +1229,23 @@ is not specified, it defaults to
 .Dq any .
 The default is
 .Dq any:any .
+.It Cm UseBlacklistedKeys
+Specifies whether
+.Xr ssh 1
+should use keys recorded in its blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 )
+for authentication.
+If
+.Dq yes ,
+then attempts to use compromised keys for authentication will be logged but
+accepted.
+It is strongly recommended that this be used only to install new authorized
+keys on the remote system, and even then only with the utmost care.
+If
+.Dq no ,
+then attempts to use compromised keys for authentication will be prevented.
+The default is
+.Dq no .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
author	Colin Watson <cjwatson@ubuntu.com>	2014-02-09 16:09:50 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 16:17:31 +0000
commit	8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 (patch)
tree	ebee4092f1411059e34da6f66b4ebd64f4411020 /ssh_config.5
parent	07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index e72919a89..8d806c701 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -1229,6 +1229,23 @@ is not specified, it defaults to
1229	.Dq any .	1229	.Dq any .
1230	The default is	1230	The default is
1231	.Dq any:any .	1231	.Dq any:any .
		1232	.It Cm UseBlacklistedKeys
		1233	Specifies whether
		1234	.Xr ssh 1
		1235	should use keys recorded in its blacklist of known-compromised keys (see
		1236	.Xr ssh-vulnkey 1 )
		1237	for authentication.
		1238	If
		1239	.Dq yes ,
		1240	then attempts to use compromised keys for authentication will be logged but
		1241	accepted.
		1242	It is strongly recommended that this be used only to install new authorized
		1243	keys on the remote system, and even then only with the utmost care.
		1244	If
		1245	.Dq no ,
		1246	then attempts to use compromised keys for authentication will be prevented.
		1247	The default is
		1248	.Dq no .
1232	.It Cm UsePrivilegedPort	1249	.It Cm UsePrivilegedPort
1233	Specifies whether to use a privileged port for outgoing connections.	1250	Specifies whether to use a privileged port for outgoing connections.
1234	The argument must be	1251	The argument must be