diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:45:24 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:47:26 +0000 |
commit | d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch) | |
tree | 3179fea9631a318c8a0782dedc7cd690f201af69 /sshd_config.5 | |
parent | d26565af8589d88f824b26f31da493f1056efcf4 (diff) | |
parent | b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff) |
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more. See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index faf93fc90..ca4cb193a 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -916,20 +916,6 @@ are refused if the number of unauthenticated connections reaches | |||
916 | Specifies whether password authentication is allowed. | 916 | Specifies whether password authentication is allowed. |
917 | The default is | 917 | The default is |
918 | .Dq yes . | 918 | .Dq yes . |
919 | .It Cm PermitBlacklistedKeys | ||
920 | Specifies whether | ||
921 | .Xr sshd 8 | ||
922 | should allow keys recorded in its blacklist of known-compromised keys (see | ||
923 | .Xr ssh-vulnkey 1 ) . | ||
924 | If | ||
925 | .Dq yes , | ||
926 | then attempts to authenticate with compromised keys will be logged but | ||
927 | accepted. | ||
928 | If | ||
929 | .Dq no , | ||
930 | then attempts to authenticate with compromised keys will be rejected. | ||
931 | The default is | ||
932 | .Dq no . | ||
933 | .It Cm PermitEmptyPasswords | 919 | .It Cm PermitEmptyPasswords |
934 | When password authentication is allowed, it specifies whether the | 920 | When password authentication is allowed, it specifies whether the |
935 | server allows login to accounts with empty password strings. | 921 | server allows login to accounts with empty password strings. |