60 files changed, 152 insertions, 2589 deletions

diff --git a/Makefile.in b/Makefile.in
index 839abbd48..095f4ff32 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -26,7 +26,6 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 SFTP_SERVER=$(libexecdir)/sftp-server
 SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-SSH_DATADIR=$(datadir)/ssh
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 STRIP_OPT=@STRIP_OPT@
@@ -38,8 +37,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
         -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
         -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
         -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
-        -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
-        -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\"
+        -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
 
 CC=@CC@
 LD=@LD@
@@ -63,7 +61,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
 EXEEXT=@EXEEXT@
 MANFMT=@MANFMT@
 
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
 
 LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
         canohost.o channels.o cipher.o cipher-aes.o \
@@ -99,8 +97,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         sandbox-seccomp-filter.o \
         consolekit.o
 
-MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN     = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN     = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
 MANTYPE         = @MANTYPE@
 
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -179,9 +177,6 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
         $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 
-ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
-        $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
 # test driver for the loginrec code - not built by default
 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
         $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@@ -278,7 +273,6 @@ install-files:
         $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
         $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
         $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
         $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
         $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
         $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -294,7 +288,6 @@ install-files:
         $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
         $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
         $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-        $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(bindir)/slogin
         ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
@@ -376,7 +369,6 @@ uninstall:
         -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
         -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
         -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -389,7 +381,6 @@ uninstall:
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
         -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 891ec3297..b21a0f4a2 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -44,7 +44,7 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
 {
         HostStatus host_status;
 
-        if (auth_key_is_revoked(client_host_key, 0))
+        if (auth_key_is_revoked(client_host_key))
                 return 0;
 
         /* Check if we would accept it using rhosts authentication. */
diff --git a/auth-rsa.c b/auth-rsa.c
index 9b139c928..4624c1597 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -239,7 +239,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
                 free(fp);
 
                 /* Never accept a revoked key */
-                if (auth_key_is_revoked(key, 0))
+                if (auth_key_is_revoked(key))
                         break;
 
                 /* We have found the desired key. */
diff --git a/auth.c b/auth.c
index 7f6c6c8ad..0c45f0954 100644
--- a/auth.c
+++ b/auth.c
@@ -59,7 +59,6 @@
 #include "servconf.h"
 #include "key.h"
 #include "hostfile.h"
-#include "authfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "canohost.h"
@@ -655,34 +654,10 @@ getpwnamallow(const char *user)
 
 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
 int
-auth_key_is_revoked(Key *key, int hostkey)
+auth_key_is_revoked(Key *key)
 {
         char *key_fp;
 
-        if (blacklisted_key(key, &key_fp) == 1) {
-                if (options.permit_blacklisted_keys) {
-                        if (hostkey)
-                                error("Host key %s blacklisted (see "
-                                    "ssh-vulnkey(1)); continuing anyway",
-                                    key_fp);
-                        else
-                                logit("Public key %s from %s blacklisted (see "
-                                    "ssh-vulnkey(1)); continuing anyway",
-                                    key_fp, get_remote_ipaddr());
-                        free(key_fp);
-                } else {
-                        if (hostkey)
-                                error("Host key %s blacklisted (see "
-                                    "ssh-vulnkey(1))", key_fp);
-                        else
-                                logit("Public key %s from %s blacklisted (see "
-                                    "ssh-vulnkey(1))",
-                                    key_fp, get_remote_ipaddr());
-                        free(key_fp);
-                        return 1;
-                }
-        }
-
         if (options.revoked_keys_file == NULL)
                 return 0;
         switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
diff --git a/auth.h b/auth.h
index ec95460cf..5b6824f71 100644
--- a/auth.h
+++ b/auth.h
@@ -191,7 +191,7 @@ char	*authorized_principals_file(struct passwd *);
 
 FILE    *auth_openkeyfile(const char *, struct passwd *, int);
 FILE    *auth_openprincipals(const char *, struct passwd *, int);
-int      auth_key_is_revoked(Key *, int);
+int      auth_key_is_revoked(Key *);
 
 HostStatus
 check_key_in_hostfiles(struct passwd *, Key *, const char *,
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 3a17f1bf2..a344dcc1f 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -150,7 +150,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
         int len;
         char *fp;
 
-        if (auth_key_is_revoked(key, 0))
+        if (auth_key_is_revoked(key))
                 return 0;
 
         resolvedname = get_canonical_hostname(options.use_dns);
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 7c0ceee55..4d87f4867 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -650,10 +650,9 @@ user_key_allowed(struct passwd *pw, Key *key)
         u_int success, i;
         char *file;
 
-        if (auth_key_is_revoked(key, 0))
+        if (auth_key_is_revoked(key))
                 return 0;
-        if (key_is_cert(key) &&
-            auth_key_is_revoked(key->cert->signature_key, 0))
+        if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
                 return 0;
 
         success = user_cert_trusted_ca(pw, key);
diff --git a/authfile.c b/authfile.c
index 983359157..63ae16bbd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -68,7 +68,6 @@
 #include "rsa.h"
 #include "misc.h"
 #include "atomicio.h"
-#include "pathnames.h"
 
 #define MAX_KEY_FILE_SIZE       (1024 * 1024)
 
@@ -945,138 +944,3 @@ key_in_file(Key *key, const char *filename, int strict_type)
         return ret;
 }
 
-/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
-static int
-blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp)
-{
-        int fd = -1;
-        char *dgst_hex = NULL;
-        char *dgst_packed = NULL, *p;
-        int i;
-        size_t line_len;
-        struct stat st;
-        char buf[256];
-        off_t start, lower, upper;
-        int ret = 0;
-
-        debug("Checking blacklist file %s", blacklist_file);
-        fd = open(blacklist_file, O_RDONLY);
-        if (fd < 0) {
-                ret = -1;
-                goto out;
-        }
-
-        dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-        /* Remove all colons */
-        dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
-        for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
-                if (dgst_hex[i] != ':')
-                        *p++ = dgst_hex[i];
-        /* Only compare least-significant 80 bits (to keep the blacklist
-         * size down)
-         */
-        line_len = strlen(dgst_packed + 12);
-        if (line_len > 32)
-                goto out;
-
-        /* Skip leading comments */
-        start = 0;
-        for (;;) {
-                ssize_t r;
-                char *newline;
-
-                r = atomicio(read, fd, buf, sizeof(buf));
-                if (r <= 0)
-                        goto out;
-                if (buf[0] != '#')
-                        break;
-
-                newline = memchr(buf, '\n', sizeof(buf));
-                if (!newline)
-                        goto out;
-                start += newline + 1 - buf;
-                if (lseek(fd, start, SEEK_SET) < 0)
-                        goto out;
-        }
-
-        /* Initialise binary search record numbers */
-        if (fstat(fd, &st) < 0)
-                goto out;
-        lower = 0;
-        upper = (st.st_size - start) / (line_len + 1);
-
-        while (lower != upper) {
-                off_t cur;
-                int cmp;
-
-                cur = lower + (upper - lower) / 2;
-
-                /* Read this line and compare to digest; this is
-                 * overflow-safe since cur < max(off_t) / (line_len + 1) */
-                if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
-                        break;
-                if (atomicio(read, fd, buf, line_len) != line_len)
-                        break;
-                cmp = memcmp(buf, dgst_packed + 12, line_len);
-                if (cmp < 0) {
-                        if (cur == lower)
-                                break;
-                        lower = cur;
-                } else if (cmp > 0) {
-                        if (cur == upper)
-                                break;
-                        upper = cur;
-                } else {
-                        debug("Found %s in blacklist", dgst_hex);
-                        ret = 1;
-                        break;
-                }
-        }
-
-out:
-        free(dgst_packed);
-        if (ret != 1 && dgst_hex) {
-                free(dgst_hex);
-                dgst_hex = NULL;
-        }
-        if (fp)
-                *fp = dgst_hex;
-        if (fd >= 0)
-                close(fd);
-        return ret;
-}
-
-/*
- * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
- * its fingerprint is returned in *fp, unless fp is NULL.
- */
-int
-blacklisted_key(Key *key, char **fp)
-{
-        Key *public;
-        char *blacklist_file;
-        int ret, ret2;
-
-        public = key_demote(key);
-        if (public->type == KEY_RSA1)
-                public->type = KEY_RSA;
-
-        xasprintf(&blacklist_file, "%s.%s-%u",
-            _PATH_BLACKLIST, key_type(public), key_size(public));
-        ret = blacklisted_key_in_file(public, blacklist_file, fp);
-        free(blacklist_file);
-        if (ret > 0) {
-                key_free(public);
-                return ret;
-        }
-
-        xasprintf(&blacklist_file, "%s.%s-%u",
-            _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
-        ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
-        free(blacklist_file);
-        if (ret2 > ret)
-                ret = ret2;
-
-        key_free(public);
-        return ret;
-}
diff --git a/authfile.h b/authfile.h
index 3f2bdcb06..78349beb5 100644
--- a/authfile.h
+++ b/authfile.h
@@ -28,6 +28,4 @@ Key	*key_load_private_pem(int, int, const char *, char **);
 int      key_perm_ok(int, const char *);
 int      key_in_file(Key *, const char *, int);
 
-int      blacklisted_key(Key *key, char **fp);
-
 #endif
diff --git a/debian/.git-dpm b/debian/.git-dpm
index e19ae3f8a..ae624532a 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-bb5616c94d6d6b97890e90dd01a7ad07c663dc0b
-bb5616c94d6d6b97890e90dd01a7ad07c663dc0b
+b65a0ded7a8cfe7d351e28266d7851216d679e05
+b65a0ded7a8cfe7d351e28266d7851216d679e05
 ee196dab7c5f97f0b80c8099343a375bead92010
 ee196dab7c5f97f0b80c8099343a375bead92010
 openssh_6.4p1.orig.tar.gz
diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys
deleted file mode 100644
index 7a9cb7657..000000000
--- a/debian/README.compromised-keys
+++ /dev/null
@@ -1,167 +0,0 @@
-The following instructions relate to CVE-2008-0166. They were prepared by
-Matt Zimmerman, assisted by Colin Watson.
-
-== What Happened ==
-
-A weakness has been discovered in the random number generator used by OpenSSL
-on Debian and Ubuntu systems.  As a result of this weakness, certain encryption
-keys are much more common than they should be, such that an attacker could
-guess the key through a brute-force attack given minimal knowledge of the
-system.  This particularly affects the use of encryption keys in OpenSSH,
-OpenVPN and SSL certificates.
-
-This vulnerability only affects operating systems which (like Ubuntu) are based
-on Debian.  However, other systems can be indirectly affected if weak keys are
-imported into them.
-
-We consider this an extremely serious vulnerability, and urge all users to act
-immediately to secure their systems.
-
-== Who is affected ==
-
-Systems which are running any of the following releases:
-
- * Debian 4.0 (etch)
- * Ubuntu 7.04 (Feisty)
- * Ubuntu 7.10 (Gutsy)
- * Ubuntu 8.04 LTS (Hardy)
- * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
-
-and have openssh-server installed or have been used to create an OpenSSH key or
-X.509 (SSL) certificate.
-
-All OpenSSH and X.509 keys generated on such systems must be considered
-untrustworthy, regardless of the system on which they are used, even after the
-update has been applied.
-
-This includes the automatically generated host keys used by OpenSSH, which are
-the basis for its server spoofing and man-in-the-middle protection.
-
-The specific package versions affected are:
-
- * Debian 4.0: libssl <= 0.9.8c-4etch3
- * Ubuntu 7.04: libssl <= 0.9.8c-4ubuntu0.2
- * Ubuntu 7.10: libssl <= 0.9.8e-5ubuntu3.1
- * Ubuntu 8.04: libssl <= 0.9.8g-4ubuntu3
-
-== What to do if you are affected ==
-
-OpenSSH:
-
-1. Install the security updates
-
-   Once the update is applied, weak user keys will be automatically rejected
-   where possible (though they cannot be detected in all cases).  If you are
-   using such keys for user authentication, they will immediately stop working
-   and will need to be replaced (see step 3).
-   
-   OpenSSH host keys can be automatically regenerated when the OpenSSH security
-   update is applied.  The update will prompt for confirmation before taking
-   this step.
-   
-2. Update OpenSSH known_hosts files
-
-   The regeneration of host keys will cause a warning to be displayed when
-   connecting to the system using SSH until the host key is updated in the
-   known_hosts file.  The warning will look like this:
-
-   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-   @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
-   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-   IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
-   Someone could be eavesdropping on you right now (man-in-the-middle attack)!
-   It is also possible that the RSA host key has just been changed.
-
-   In this case, the host key has simply been changed, and you should update
-   the relevant known_hosts file as indicated in the error message.
-
-3. Check all OpenSSH user keys
-
-   The safest course of action is to regenerate all OpenSSH user keys,
-   except where it can be established to a high degree of certainty that the
-   key was generated on an unaffected system.
-
-   Check whether your key is affected by running the ssh-vulnkey tool, included
-   in the security update.  By default, ssh-vulnkey will check the standard
-   location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
-   your authorized_keys file (~/.ssh/authorized_keys and
-   ~/.ssh/authorized_keys2), and the system's host keys
-   (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).
-
-   To check all your own keys, assuming they are in the standard
-   locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
-
-     ssh-vulnkey
-
-   To check all keys on your system:
-
-     sudo ssh-vulnkey -a
-
-   To check a key in a non-standard location:
-
-     ssh-vulnkey /path/to/key
-
-   If ssh-vulnkey says "Unknown (no blacklist information)", then it has no
-   information about whether that key is affected.  If in doubt, destroy the
-   key and generate a new one.
-
-4. Regenerate any affected user keys
-
-   OpenSSH keys used for user authentication must be manually regenerated,
-   including those which may have since been transferred to a different system
-   after being generated.
-
-   New keys can be generated using ssh-keygen, e.g.:
-
-   $ ssh-keygen 
-   Generating public/private rsa key pair.
-   Enter file in which to save the key (/home/user/.ssh/id_rsa): 
-   Enter passphrase (empty for no passphrase): 
-   Enter same passphrase again: 
-   Your identification has been saved in /home/user/.ssh/id_rsa.
-   Your public key has been saved in /home/user/.ssh/id_rsa.pub.
-   The key fingerprint is:
-   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host
-
-5. Update authorized_keys files (if necessary)
-
-   Once the user keys have been regenerated, the relevant public keys must
-   be propagated to any authorized_keys files on remote systems.  Be sure to
-   delete the affected key.
-
-OpenSSL:
-
-1. Install the security update
-
-2. Create new certificates to replace any server or client certificates in use
-   on the system
-
-3. If certificates have been generated for use on other systems, they must be
-   found and replaced as well.
-
-== Removing openssh-blacklist ==
-
-For the moment, the openssh-server package depends on openssh-blacklist, in
-order that the blacklist is deployed to the maximum possible number of
-systems to reduce the potential spread of worms exploiting this
-vulnerability. We acknowledge that this may be inconvenient for some small
-systems, but nevertheless feel that this was the best course of action.
-
-If you absolutely need to remove the blacklist from your system, then you
-can run the following commands to substitute a fake package for
-openssh-blacklist:
-
-  sudo apt-get install equivs
-  equivs-control openssh-blacklist.ctl
-  sed -i 's/^Package:.*/Package: openssh-blacklist/' openssh-blacklist.ctl
-  sed -i 's/^# Version:.*/Version: 9:1.0/' openssh-blacklist.ctl
-  equivs-build openssh-blacklist.ctl
-  sudo dpkg -i openssh-blacklist_1.0_all.deb
-
-Be warned: this circumvents a security measure for the sake of disk space.
-You should only do this if you have no other option, and if you are certain
-that no compromised keys will ever be generated on or copied onto this
-system.
-
-Once a sufficient amount of time and number of releases have passed, the
-openssh-blacklist package will be phased out.
diff --git a/debian/changelog b/debian/changelog
index 188f17070..afed2d957 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,12 @@ openssh (1:6.4p1-3) UNRELEASED; urgency=medium
   * Switch to git; adjust Vcs-* fields.
   * Convert to git-dpm, and drop source package documentation associated
     with the old bzr/quilt patch handling workflow.
+  * Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code,
+    leaving only basic configuration file compatibility, since it has been
+    nearly six years since the original vulnerability and this code is not
+    likely to be of much value any more.  See
+    https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full
+    reasoning.
 
  -- Colin Watson <cjwatson@debian.org>  Sun, 09 Feb 2014 15:52:14 +0000
 
diff --git a/debian/control b/debian/control
index 308b7f4ef..8b3679570 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, adduser (>= 3.10), dpkg (>= 1.7.0),
 Recommends: xauth
 Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, ssh-krb5
-Suggests: ssh-askpass, libpam-ssh, keychain, monkeysphere, openssh-blacklist, openssh-blacklist-extra
+Suggests: ssh-askpass, libpam-ssh, keychain, monkeysphere
 Provides: rsh-client, ssh-client
 Multi-Arch: foreign
 Description: secure shell (SSH) client, for secure access to remote machines
@@ -49,7 +49,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-14), libpam
 Recommends: xauth, ncurses-term, ${openssh-server:Recommends}
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
-Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere, openssh-blacklist, openssh-blacklist-extra
+Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere
 Provides: ssh-server
 Multi-Arch: foreign
 Description: secure shell (SSH) server, for secure access from remote machines
diff --git a/debian/openssh-client.docs b/debian/openssh-client.docs
index 00fd691c4..d80ec1262 100644
--- a/debian/openssh-client.docs
+++ b/debian/openssh-client.docs
@@ -4,4 +4,3 @@ README
 README.dns
 README.tun
 debian/faq.html
-debian/README.compromised-keys
diff --git a/debian/openssh-client.install b/debian/openssh-client.install
index fd9e8feab..6a8060000 100644
--- a/debian/openssh-client.install
+++ b/debian/openssh-client.install
@@ -8,7 +8,6 @@ usr/bin/ssh-add
 usr/bin/ssh-agent
 usr/bin/ssh-keygen
 usr/bin/ssh-keyscan
-usr/bin/ssh-vulnkey
 usr/lib/openssh/ssh-keysign
 usr/lib/openssh/ssh-pkcs11-helper
 usr/share/man/man1/scp.1
@@ -18,7 +17,6 @@ usr/share/man/man1/ssh-add.1
 usr/share/man/man1/ssh-agent.1
 usr/share/man/man1/ssh-keygen.1
 usr/share/man/man1/ssh-keyscan.1
-usr/share/man/man1/ssh-vulnkey.1
 usr/share/man/man1/ssh.1
 usr/share/man/man5/moduli.5
 usr/share/man/man5/ssh_config.5
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index 5d98b81a2..f1db2dbdf 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From ec5991d73abdc0b3c43ea9f8a0e99da045e7beb1 Mon Sep 17 00:00:00 2001
+From 490aadd108dc4bf7f4b5084e3336d88ec23f6b19 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -91,7 +91,7 @@ index 7455c94..a3f0a02 100644
  void   auth_clear_options(void);
  int    auth_cert_options(Key *, struct passwd *);
 diff --git a/auth-rsa.c b/auth-rsa.c
-index 6ed152c..9b139c9 100644
+index 545aa49..4624c15 100644
 --- a/auth-rsa.c
 +++ b/auth-rsa.c
 @@ -174,6 +174,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
@@ -104,7 +104,7 @@ index 6ed152c..9b139c9 100644
          * Go though the accepted keys, looking for the current key.  If
          * found, perform a challenge-response dialog to verify that the
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 12eb8a6..7c0ceee 100644
+index 2b3ecb1..4d87f48 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
 @@ -257,6 +257,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 751ba841c..f59df61bd 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 6342b4c70310da7f73e1d54ddae0edde990d95d8 Mon Sep 17 00:00:00 2001
+From d5b4a3617c50cbe9526582979797248af5cbd9d5 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index ca6eee5..7cd3a08 100644
+index b2dbead..7849979 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -289,6 +289,7 @@ install-files:
+@@ -283,6 +283,7 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch
index f43e78500..b97bf0cd5 100644
--- a/debian/patches/consolekit.patch
+++ b/debian/patches/consolekit.patch
@@ -1,4 +1,4 @@
-From cfae2bfa1e95cbb6c7a9799f13b82e8e804ca869 Mon Sep 17 00:00:00 2001
+From 05609b1cb381eafb999214bf4a95138e63abdbf2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:57 +0000
 Subject: Add support for registering ConsoleKit sessions on login
@@ -24,10 +24,10 @@ Patch-Name: consolekit.patch
  create mode 100644 consolekit.h
 
 diff --git a/Makefile.in b/Makefile.in
-index b8f5099..ca6eee5 100644
+index f979926..b2dbead 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -96,7 +96,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+@@ -94,7 +94,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         sftp-server.o sftp-common.o \
         roaming_common.o roaming_serv.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
@@ -35,8 +35,8 @@ index b8f5099..ca6eee5 100644
 +       sandbox-seccomp-filter.o \
 +       consolekit.o
  
- MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+ MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+ MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
 diff --git a/configure b/configure
 index ceb1b5d..78bbcd0 100755
 --- a/configure
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index d02e8ffcb..8edc27f70 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 8a75df792931443e868e574408ed1666208a28c2 Mon Sep 17 00:00:00 2001
+From e1e1e23ca98c59a031217da0ea50b70de5427683 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index 9155a8b..a2928ff 100644
+index dcb8caf..802db1d 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
+@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)
         options->ip_qos_interactive = -1;
         options->ip_qos_bulk = -1;
         options->version_addendum = NULL;
@@ -30,7 +30,7 @@ index 9155a8b..a2928ff 100644
  }
  
  void
-@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -307,6 +308,8 @@ fill_default_server_options(ServerOptions *options)
                 options->ip_qos_bulk = IPTOS_THROUGHPUT;
         if (options->version_addendum == NULL)
                 options->version_addendum = xstrdup("");
@@ -39,7 +39,7 @@ index 9155a8b..a2928ff 100644
         /* Turn privilege separation on by default */
         if (use_privsep == -1)
                 use_privsep = PRIVSEP_NOSANDBOX;
-@@ -360,6 +363,7 @@ typedef enum {
+@@ -357,6 +360,7 @@ typedef enum {
         sKexAlgorithms, sIPQoS, sVersionAddendum,
         sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
         sAuthenticationMethods, sHostKeyAgent,
@@ -47,7 +47,7 @@ index 9155a8b..a2928ff 100644
         sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -501,6 +505,7 @@ static struct {
+@@ -498,6 +502,7 @@ static struct {
         { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
         { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
         { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
@@ -55,7 +55,7 @@ index 9155a8b..a2928ff 100644
         { NULL, sBadOption, 0 }
  };
  
-@@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1641,6 +1646,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 }
                 return 0;
  
@@ -67,10 +67,10 @@ index 9155a8b..a2928ff 100644
                 logit("%s line %d: Deprecated option %s",
                     filename, linenum, arg);
 diff --git a/servconf.h b/servconf.h
-index f655c5b..fd72ce2 100644
+index ab6e346..1891a95 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -188,6 +188,8 @@ typedef struct {
+@@ -187,6 +187,8 @@ typedef struct {
  
         u_int   num_auth_methods;
         char   *auth_methods[MAX_AUTH_METHODS];
@@ -80,7 +80,7 @@ index f655c5b..fd72ce2 100644
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 7efa7ef..6b988fe 100644
+index 46ec1a7..63b9357 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
@@ -94,7 +94,7 @@ index 7efa7ef..6b988fe 100644
             options.version_addendum, newline);
  
 diff --git a/sshd_config.5 b/sshd_config.5
-index 510cc7c..eaf8d01 100644
+index e29604a..50eec53 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -404,6 +404,11 @@ or
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index e706b4a02..3c5af97c3 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From bb5616c94d6d6b97890e90dd01a7ad07c663dc0b Mon Sep 17 00:00:00 2001
+From b65a0ded7a8cfe7d351e28266d7851216d679e05 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -34,10 +34,10 @@ Patch-Name: debian-config.patch
  5 files changed, 53 insertions(+), 3 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 389de7d..2778176 100644
+index c741934..e1e82c5 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1298,7 +1298,7 @@ fill_default_options(Options * options)
+@@ -1292,7 +1292,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
@@ -71,7 +71,7 @@ index 3234321..064b593 100644
 +    GSSAPIAuthentication yes
 +    GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index 5bca932..127540a 100644
+index 7b05e5f..01e7b6f 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
@@ -120,7 +120,7 @@ index 9450141..9cfe28d 100644
  #StrictModes yes
  #MaxAuthTries 6
 diff --git a/sshd_config.5 b/sshd_config.5
-index ec4851a..faf93fc 100644
+index 04b5f1a..ca4cb19 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,33 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 3cb291e97..4349df707 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 145099bdca1b959e2ef3555cd6ce0bc44fb69ce8 Mon Sep 17 00:00:00 2001
+From d77a569da1afcb73c6ddfc934092461eeb4edb53 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 4f9de88ec..a6408c21f 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From cee45b00a94730c9a49a52a967ec08b9c29b9ca2 Mon Sep 17 00:00:00 2001
+From 6a3efad36a54be8fa4de750cd7a555fe925f21cc Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,7 +13,7 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 1497cfc..5bca932 100644
+index a1e18d2..7b05e5f 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -587,6 +587,9 @@ Note that existing names and addresses in known hosts files
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index cb24998a2..0fa00a883 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From c1e7260fe4ed36dddc317655a69a7d4a69b3170a Mon Sep 17 00:00:00 2001
+From 5093448a615dcbab13bbbd3765ac353b827f21aa Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
@@ -12,7 +12,7 @@ Patch-Name: doc-upstart.patch
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/sshd.8 b/sshd.8
-index 6bdd219..b91f08c 100644
+index 95c1845..8e4017b 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -70,7 +70,10 @@ over an insecure network.
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 58966dd74..1cbb93436 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 52e810085e196c457dfda9cad08ce76191d11fe7 Mon Sep 17 00:00:00 2001
+From 797d4dfd543b9d3fe96db6396e902a40b868d5c0 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index 66a59a053..23afe3be9 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From ea2e0af0bc3a683edb32b508c03eb793617f6f31 Mon Sep 17 00:00:00 2001
+From 84589dc348c43ec22b50ede0c2946cf6afd0980d Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 61389cc44..e22410298 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From affb41e3cf23b79a3d165ae0d97689a46a965b6f Mon Sep 17 00:00:00 2001
+From bd3d91c378d549aed56246ad4535aea29db04150 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 22e5a3a..2dcbf31 100644
+index 915a0f7..dab7963 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -141,6 +141,7 @@ typedef enum {
+@@ -140,6 +140,7 @@ typedef enum {
         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
         oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
         oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
@@ -37,7 +37,7 @@ index 22e5a3a..2dcbf31 100644
         oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
  
-@@ -263,6 +264,8 @@ static struct {
+@@ -262,6 +263,8 @@ static struct {
         { "ipqos", oIPQoS },
         { "requesttty", oRequestTTY },
         { "ignoreunknown", oIgnoreUnknown },
@@ -46,7 +46,7 @@ index 22e5a3a..2dcbf31 100644
  
         { NULL, oBadOption }
  };
-@@ -939,6 +942,8 @@ parse_int:
+@@ -934,6 +937,8 @@ parse_int:
                 goto parse_flag;
  
         case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 22e5a3a..2dcbf31 100644
                 intptr = &options->server_alive_interval;
                 goto parse_time;
  
-@@ -1404,8 +1409,13 @@ fill_default_options(Options * options)
+@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 22e5a3a..2dcbf31 100644
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 89b25cd..135d833 100644
+index 1fc0a6b..6948680 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -136,8 +136,12 @@ Valid arguments are
@@ -120,10 +120,10 @@ index 89b25cd..135d833 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 18ec81f..510cc7c 100644
+index 525d9c8..e29604a 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1161,6 +1161,9 @@ This avoids infinitely hanging sessions.
+@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
  .Dq no .
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index b3b549cc8..e1073e4ac 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -1,4 +1,4 @@
-From 6d50dc6d561af1bcf41eaf1dc69e7920abe5aa4b Mon Sep 17 00:00:00 2001
+From 9ffc99332ff1bac6be9f0af430268e7981bd3dd2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:08 +0000
 Subject: Fix picky lintian errors about slogin symlinks
@@ -15,12 +15,12 @@ Patch-Name: lintian-symlink-pickiness.patch
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index 7cd3a08..839abbd 100644
+index 7849979..095f4ff 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -296,9 +296,9 @@ install-files:
+@@ -289,9 +289,9 @@ install-files:
+        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
         $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-        $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
         -rm -f $(DESTDIR)$(bindir)/slogin
 -       ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 +       ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 07682155c..08e1a2f3e 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 7a20ce0712e7b7174a0c079e84568a9e8321c42b Mon Sep 17 00:00:00 2001
+From 6a137c3718ea1afab92b25a018e393cfede4d6a8 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
index f45e2b959..6e41d2ed9 100644
--- a/debian/patches/no-openssl-version-check.patch
+++ b/debian/patches/no-openssl-version-check.patch
@@ -1,4 +1,4 @@
-From bc87a22e258193138419d6615c0e92e4124dbe90 Mon Sep 17 00:00:00 2001
+From 3e3f5462b563ab0f2b4ba67590e5a5735fa17bec Mon Sep 17 00:00:00 2001
 From: Philip Hands <phil@hands.com>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Disable OpenSSL version check
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index afc1fe306..670eea421 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 98517b1b99dceff74e4a1e50d5a345f5b569ad6f Mon Sep 17 00:00:00 2001
+From d087ec8cf190df54fa8cb77c6ffd55a819dd1777 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,7 +44,7 @@ index ef0de08..149846c 100644
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 144be7d..753cc62 100644
+index 0d55854..151cab0 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
 @@ -171,9 +171,7 @@ key in
@@ -88,7 +88,7 @@ index 144be7d..753cc62 100644
  The file format is described in
  .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index 0b38ae1..b3c3924 100644
+index 05ae6ad..6e2e03b 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys,
@@ -103,7 +103,7 @@ index 0b38ae1..b3c3924 100644
  .Pp
  The file
 diff --git a/sshd.8 b/sshd.8
-index a604429..6bdd219 100644
+index b0c7ab6..95c1845 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -70,7 +70,7 @@ over an insecure network.
@@ -124,8 +124,8 @@ index a604429..6bdd219 100644
  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
  The file format is described in
  .Xr moduli 5 .
-@@ -957,7 +957,6 @@ The content of this file is not sensitive; it can be world-readable.
- .Xr ssh-vulnkey 1 ,
+@@ -956,7 +956,6 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr hosts_access 5 ,
 -.Xr login.conf 5 ,
@@ -133,7 +133,7 @@ index a604429..6bdd219 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index eaf8d01..ec4851a 100644
+index 50eec53..04b5f1a 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -283,8 +283,7 @@ This option is only available for protocol version 2.
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index df97fa40f..f6d793751 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From da3ff9786c4c03b2aac4936b28f06b3c152e230d Mon Sep 17 00:00:00 2001
+From 893bd5a6f70b58e1ed98d496c4f465d8c1df71a7 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -36,7 +36,7 @@ index bda83b2..ad960fd 100644
         if (roaming_atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index fbe3284..7efa7ef 100644
+index e5c9835..46ec1a7 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index 5cb0146d8..664abf0ff 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From da5b4ce7296ada332d70133a9ec02ba71c742b7d Mon Sep 17 00:00:00 2001
+From 360257b8a56798d507123ff770f2def408464f00 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 887164beb..71dcecc9c 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 7531f41888f9e40be95a319fb325f6f05dd50751 Mon Sep 17 00:00:00 2001
+From bb3ea9f222f7f0fe9b449b75bfae93513f7ca3e2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/series b/debian/patches/series
index ced2bbd1e..5d21e57d1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,6 @@
 gssapi.patch
 selinux-role.patch
-ssh-vulnkey.patch
+ssh-vulnkey-compat.patch
 ssh1-keepalive.patch
 keepalive-extensions.patch
 syslog-level-silent.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 8f09b936a..a7540eb34 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From b5f3be892e6d7150e7885133228fd03af69a11bc Mon Sep 17 00:00:00 2001
+From 7231af57ca3efb451ace1b8e056fa0e52c67654e Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index febcbc86a..7776b6d11 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 6fba9b85d3529fd3e1ca03dff3e457f04b3e39dd Mon Sep 17 00:00:00 2001
+From 727d51f30918f6635f06694f71f4318a6038296d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -12,10 +12,10 @@ Patch-Name: sigstop.patch
  1 file changed, 4 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index 6b988fe..72e9eaf 100644
+index 63b9357..fd7f182 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1914,6 +1914,10 @@ main(int ac, char **av)
+@@ -1909,6 +1909,10 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 3760e8c14..9ae105960 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 92a81c0caf44c15d3a07cf1f36470ca05c11ff1e Mon Sep 17 00:00:00 2001
+From ad4f5086a0f0c47daf04be484ff310101551e48a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index b15f251ef..138a3632a 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From b339802cbe8c304541273029a1c9c3c639725643 Mon Sep 17 00:00:00 2001
+From 901a9e09f92a72c4a627af9feffdd39fb805e95d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,7 +18,7 @@ Patch-Name: ssh-argv0.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index b3c3924..c0cc12f 100644
+index 6e2e03b..63b0573 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1451,6 +1451,7 @@ if an error occurred.
@@ -28,4 +28,4 @@ index b3c3924..c0cc12f 100644
 +.Xr ssh-argv0 1 ,
  .Xr ssh-keygen 1 ,
  .Xr ssh-keyscan 1 ,
- .Xr ssh-vulnkey 1 ,
+ .Xr tun 4 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
new file mode 100644
index 000000000..50d500f6d
--- /dev/null
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -0,0 +1,42 @@
+From bdc94de85ed7dbafb949c239d7c3eff23ea4aa28 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@ubuntu.com>
+Date: Sun, 9 Feb 2014 16:09:50 +0000
+Subject: Accept obsolete ssh-vulnkey configuration options
+
+These options were used as part of Debian's response to CVE-2008-0166.
+Nearly six years later, we no longer need to continue carrying the bulk
+of that patch, but we do need to avoid failing when the associated
+configuration options are still present.
+
+Last-Update: 2014-02-09
+
+Patch-Name: ssh-vulnkey-compat.patch
+---
+ readconf.c | 1 +
+ servconf.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/readconf.c b/readconf.c
+index 2695fd6..915a0f7 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -161,6 +161,7 @@ static struct {
+        { "passwordauthentication", oPasswordAuthentication },
+        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
+        { "kbdinteractivedevices", oKbdInteractiveDevices },
++       { "useblacklistedkeys", oDeprecated },
+        { "rsaauthentication", oRSAAuthentication },
+        { "pubkeyauthentication", oPubkeyAuthentication },
+        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
+diff --git a/servconf.c b/servconf.c
+index c938ae3..dcb8caf 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -451,6 +451,7 @@ static struct {
+        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
+        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
+        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
++       { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
+        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
+        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
+        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
deleted file mode 100644
index ae262083d..000000000
--- a/debian/patches/ssh-vulnkey.patch
+++ /dev/null
@@ -1,1419 +0,0 @@
-From 8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@ubuntu.com>
-Date: Sun, 9 Feb 2014 16:09:50 +0000
-Subject: Reject vulnerable keys to mitigate Debian OpenSSL flaw
-
-In 2008, Debian (and derived distributions such as Ubuntu) shipped an
-OpenSSL package with a flawed random number generator, causing OpenSSH to
-generate only a very limited set of keys which were subject to private half
-precomputation.  To mitigate this, this patch checks key authentications
-against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
-program which can be used to explicitly check keys against that blacklist.
-See CVE-2008-0166.
-
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
-Last-Update: 2013-09-14
-
-Patch-Name: ssh-vulnkey.patch
----
- Makefile.in       |  17 ++-
- auth-rh-rsa.c     |   2 +-
- auth-rsa.c        |   2 +-
- auth.c            |  27 +++-
- auth.h            |   2 +-
- auth2-hostbased.c |   2 +-
- auth2-pubkey.c    |   5 +-
- authfile.c        | 136 +++++++++++++++++++
- authfile.h        |   2 +
- pathnames.h       |   7 +
- readconf.c        |   9 ++
- readconf.h        |   1 +
- servconf.c        |  11 +-
- servconf.h        |   1 +
- ssh-add.1         |   5 +
- ssh-add.c         |  10 +-
- ssh-keygen.1      |   1 +
- ssh-vulnkey.1     | 242 ++++++++++++++++++++++++++++++++++
- ssh-vulnkey.c     | 386 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ssh.1             |   1 +
- ssh.c             |  18 ++-
- ssh_config.5      |  17 +++
- sshconnect2.c     |   4 +-
- sshd.8            |   1 +
- sshd.c            |   5 +
- sshd_config.5     |  14 ++
- 26 files changed, 913 insertions(+), 15 deletions(-)
- create mode 100644 ssh-vulnkey.1
- create mode 100644 ssh-vulnkey.c
-
-diff --git a/Makefile.in b/Makefile.in
-index f979926..b8f5099 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-+SSH_DATADIR=$(datadir)/ssh
- PRIVSEP_PATH=@PRIVSEP_PATH@
- SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
- STRIP_OPT=@STRIP_OPT@
-@@ -37,7 +38,8 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-        -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
-        -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-        -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
--       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
-+       -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
-+       -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\"
- 
- CC=@CC@
- LD=@LD@
-@@ -61,7 +63,7 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
- EXEEXT=@EXEEXT@
- MANFMT=@MANFMT@
- 
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
- 
- LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
-        canohost.o channels.o cipher.o cipher-aes.o \
-@@ -96,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
-        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-        sandbox-seccomp-filter.o
- 
--MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
- MANTYPE                = @MANTYPE@
- 
- CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -176,6 +178,9 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o s
- sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
-        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
- 
-+ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
-+       $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+
- # test driver for the loginrec code - not built by default
- logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
-        $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -272,6 +277,7 @@ install-files:
-        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
-        $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
-        $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-+       $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
-        $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-        $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-        $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -286,6 +292,7 @@ install-files:
-        $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-+       $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
-        -rm -f $(DESTDIR)$(bindir)/slogin
-        ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -367,6 +374,7 @@ uninstall:
-        -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
-+       -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
-        -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
-        -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
-        -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-@@ -379,6 +387,7 @@ uninstall:
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-+       -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
-index b21a0f4..891ec32 100644
---- a/auth-rh-rsa.c
-+++ b/auth-rh-rsa.c
-@@ -44,7 +44,7 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
- {
-        HostStatus host_status;
- 
--       if (auth_key_is_revoked(client_host_key))
-+       if (auth_key_is_revoked(client_host_key, 0))
-                return 0;
- 
-        /* Check if we would accept it using rhosts authentication. */
-diff --git a/auth-rsa.c b/auth-rsa.c
-index 545aa49..6ed152c 100644
---- a/auth-rsa.c
-+++ b/auth-rsa.c
-@@ -237,7 +237,7 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
-                free(fp);
- 
-                /* Never accept a revoked key */
--               if (auth_key_is_revoked(key))
-+               if (auth_key_is_revoked(key, 0))
-                        break;
- 
-                /* We have found the desired key. */
-diff --git a/auth.c b/auth.c
-index 9a36f1d..6662e9a 100644
---- a/auth.c
-+++ b/auth.c
-@@ -59,6 +59,7 @@
- #include "servconf.h"
- #include "key.h"
- #include "hostfile.h"
-+#include "authfile.h"
- #include "auth.h"
- #include "auth-options.h"
- #include "canohost.h"
-@@ -657,10 +658,34 @@ getpwnamallow(const char *user)
- 
- /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
- int
--auth_key_is_revoked(Key *key)
-+auth_key_is_revoked(Key *key, int hostkey)
- {
-        char *key_fp;
- 
-+       if (blacklisted_key(key, &key_fp) == 1) {
-+               if (options.permit_blacklisted_keys) {
-+                       if (hostkey)
-+                               error("Host key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway",
-+                                   key_fp);
-+                       else
-+                               logit("Public key %s from %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway",
-+                                   key_fp, get_remote_ipaddr());
-+                       free(key_fp);
-+               } else {
-+                       if (hostkey)
-+                               error("Host key %s blacklisted (see "
-+                                   "ssh-vulnkey(1))", key_fp);
-+                       else
-+                               logit("Public key %s from %s blacklisted (see "
-+                                   "ssh-vulnkey(1))",
-+                                   key_fp, get_remote_ipaddr());
-+                       free(key_fp);
-+                       return 1;
-+               }
-+       }
-+
-        if (options.revoked_keys_file == NULL)
-                return 0;
-        switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
-diff --git a/auth.h b/auth.h
-index 5b6824f..ec95460 100644
---- a/auth.h
-+++ b/auth.h
-@@ -191,7 +191,7 @@ char        *authorized_principals_file(struct passwd *);
- 
- FILE   *auth_openkeyfile(const char *, struct passwd *, int);
- FILE   *auth_openprincipals(const char *, struct passwd *, int);
--int     auth_key_is_revoked(Key *);
-+int     auth_key_is_revoked(Key *, int);
- 
- HostStatus
- check_key_in_hostfiles(struct passwd *, Key *, const char *,
-diff --git a/auth2-hostbased.c b/auth2-hostbased.c
-index a344dcc..3a17f1b 100644
---- a/auth2-hostbased.c
-+++ b/auth2-hostbased.c
-@@ -150,7 +150,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-        int len;
-        char *fp;
- 
--       if (auth_key_is_revoked(key))
-+       if (auth_key_is_revoked(key, 0))
-                return 0;
- 
-        resolvedname = get_canonical_hostname(options.use_dns);
-diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 2b3ecb1..12eb8a6 100644
---- a/auth2-pubkey.c
-+++ b/auth2-pubkey.c
-@@ -647,9 +647,10 @@ user_key_allowed(struct passwd *pw, Key *key)
-        u_int success, i;
-        char *file;
- 
--       if (auth_key_is_revoked(key))
-+       if (auth_key_is_revoked(key, 0))
-                return 0;
--       if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
-+       if (key_is_cert(key) &&
-+           auth_key_is_revoked(key->cert->signature_key, 0))
-                return 0;
- 
-        success = user_cert_trusted_ca(pw, key);
-diff --git a/authfile.c b/authfile.c
-index 63ae16b..9833591 100644
---- a/authfile.c
-+++ b/authfile.c
-@@ -68,6 +68,7 @@
- #include "rsa.h"
- #include "misc.h"
- #include "atomicio.h"
-+#include "pathnames.h"
- 
- #define MAX_KEY_FILE_SIZE      (1024 * 1024)
- 
-@@ -944,3 +945,138 @@ key_in_file(Key *key, const char *filename, int strict_type)
-        return ret;
- }
- 
-+/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
-+static int
-+blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp)
-+{
-+       int fd = -1;
-+       char *dgst_hex = NULL;
-+       char *dgst_packed = NULL, *p;
-+       int i;
-+       size_t line_len;
-+       struct stat st;
-+       char buf[256];
-+       off_t start, lower, upper;
-+       int ret = 0;
-+
-+       debug("Checking blacklist file %s", blacklist_file);
-+       fd = open(blacklist_file, O_RDONLY);
-+       if (fd < 0) {
-+               ret = -1;
-+               goto out;
-+       }
-+
-+       dgst_hex = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-+       /* Remove all colons */
-+       dgst_packed = xcalloc(1, strlen(dgst_hex) + 1);
-+       for (i = 0, p = dgst_packed; dgst_hex[i]; i++)
-+               if (dgst_hex[i] != ':')
-+                       *p++ = dgst_hex[i];
-+       /* Only compare least-significant 80 bits (to keep the blacklist
-+        * size down)
-+        */
-+       line_len = strlen(dgst_packed + 12);
-+       if (line_len > 32)
-+               goto out;
-+
-+       /* Skip leading comments */
-+       start = 0;
-+       for (;;) {
-+               ssize_t r;
-+               char *newline;
-+
-+               r = atomicio(read, fd, buf, sizeof(buf));
-+               if (r <= 0)
-+                       goto out;
-+               if (buf[0] != '#')
-+                       break;
-+
-+               newline = memchr(buf, '\n', sizeof(buf));
-+               if (!newline)
-+                       goto out;
-+               start += newline + 1 - buf;
-+               if (lseek(fd, start, SEEK_SET) < 0)
-+                       goto out;
-+       }
-+
-+       /* Initialise binary search record numbers */
-+       if (fstat(fd, &st) < 0)
-+               goto out;
-+       lower = 0;
-+       upper = (st.st_size - start) / (line_len + 1);
-+
-+       while (lower != upper) {
-+               off_t cur;
-+               int cmp;
-+
-+               cur = lower + (upper - lower) / 2;
-+
-+               /* Read this line and compare to digest; this is
-+                * overflow-safe since cur < max(off_t) / (line_len + 1) */
-+               if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
-+                       break;
-+               if (atomicio(read, fd, buf, line_len) != line_len)
-+                       break;
-+               cmp = memcmp(buf, dgst_packed + 12, line_len);
-+               if (cmp < 0) {
-+                       if (cur == lower)
-+                               break;
-+                       lower = cur;
-+               } else if (cmp > 0) {
-+                       if (cur == upper)
-+                               break;
-+                       upper = cur;
-+               } else {
-+                       debug("Found %s in blacklist", dgst_hex);
-+                       ret = 1;
-+                       break;
-+               }
-+       }
-+
-+out:
-+       free(dgst_packed);
-+       if (ret != 1 && dgst_hex) {
-+               free(dgst_hex);
-+               dgst_hex = NULL;
-+       }
-+       if (fp)
-+               *fp = dgst_hex;
-+       if (fd >= 0)
-+               close(fd);
-+       return ret;
-+}
-+
-+/*
-+ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
-+ * its fingerprint is returned in *fp, unless fp is NULL.
-+ */
-+int
-+blacklisted_key(Key *key, char **fp)
-+{
-+       Key *public;
-+       char *blacklist_file;
-+       int ret, ret2;
-+
-+       public = key_demote(key);
-+       if (public->type == KEY_RSA1)
-+               public->type = KEY_RSA;
-+
-+       xasprintf(&blacklist_file, "%s.%s-%u",
-+           _PATH_BLACKLIST, key_type(public), key_size(public));
-+       ret = blacklisted_key_in_file(public, blacklist_file, fp);
-+       free(blacklist_file);
-+       if (ret > 0) {
-+               key_free(public);
-+               return ret;
-+       }
-+
-+       xasprintf(&blacklist_file, "%s.%s-%u",
-+           _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public));
-+       ret2 = blacklisted_key_in_file(public, blacklist_file, fp);
-+       free(blacklist_file);
-+       if (ret2 > ret)
-+               ret = ret2;
-+
-+       key_free(public);
-+       return ret;
-+}
-diff --git a/authfile.h b/authfile.h
-index 78349be..3f2bdcb 100644
---- a/authfile.h
-+++ b/authfile.h
-@@ -28,4 +28,6 @@ Key   *key_load_private_pem(int, int, const char *, char **);
- int     key_perm_ok(int, const char *);
- int     key_in_file(Key *, const char *, int);
- 
-+int     blacklisted_key(Key *key, char **fp);
-+
- #endif
-diff --git a/pathnames.h b/pathnames.h
-index 5027fba..47f7867 100644
---- a/pathnames.h
-+++ b/pathnames.h
-@@ -18,6 +18,10 @@
- #define SSHDIR                         ETCDIR "/ssh"
- #endif
- 
-+#ifndef _PATH_SSH_DATADIR
-+#define _PATH_SSH_DATADIR              "/usr/share/ssh"
-+#endif
-+
- #ifndef _PATH_SSH_PIDDIR
- #define _PATH_SSH_PIDDIR               "/var/run"
- #endif
-@@ -44,6 +48,9 @@
- /* Backwards compatibility */
- #define _PATH_DH_PRIMES                        SSHDIR "/primes"
- 
-+#define _PATH_BLACKLIST                        _PATH_SSH_DATADIR "/blacklist"
-+#define _PATH_BLACKLIST_CONFIG         SSHDIR "/blacklist"
-+
- #ifndef _PATH_SSH_PROGRAM
- #define _PATH_SSH_PROGRAM              "/usr/bin/ssh"
- #endif
-diff --git a/readconf.c b/readconf.c
-index 2695fd6..22e5a3a 100644
---- a/readconf.c
-+++ b/readconf.c
-@@ -128,6 +128,7 @@ typedef enum {
-        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
-        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
-        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-+       oUseBlacklistedKeys,
-        oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
-        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
-        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
-@@ -161,6 +162,7 @@ static struct {
-        { "passwordauthentication", oPasswordAuthentication },
-        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
-        { "kbdinteractivedevices", oKbdInteractiveDevices },
-+       { "useblacklistedkeys", oUseBlacklistedKeys },
-        { "rsaauthentication", oRSAAuthentication },
-        { "pubkeyauthentication", oPubkeyAuthentication },
-        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
-@@ -523,6 +525,10 @@ parse_flag:
-                intptr = &options->challenge_response_authentication;
-                goto parse_flag;
- 
-+       case oUseBlacklistedKeys:
-+               intptr = &options->use_blacklisted_keys;
-+               goto parse_flag;
-+
-        case oGssAuthentication:
-                intptr = &options->gss_authentication;
-                goto parse_flag;
-@@ -1210,6 +1216,7 @@ initialize_options(Options * options)
-        options->kbd_interactive_devices = NULL;
-        options->rhosts_rsa_authentication = -1;
-        options->hostbased_authentication = -1;
-+       options->use_blacklisted_keys = -1;
-        options->batch_mode = -1;
-        options->check_host_ip = -1;
-        options->strict_host_key_checking = -1;
-@@ -1320,6 +1327,8 @@ fill_default_options(Options * options)
-                options->rhosts_rsa_authentication = 0;
-        if (options->hostbased_authentication == -1)
-                options->hostbased_authentication = 0;
-+       if (options->use_blacklisted_keys == -1)
-+               options->use_blacklisted_keys = 0;
-        if (options->batch_mode == -1)
-                options->batch_mode = 0;
-        if (options->check_host_ip == -1)
-diff --git a/readconf.h b/readconf.h
-index 675b35d..a508151 100644
---- a/readconf.h
-+++ b/readconf.h
-@@ -59,6 +59,7 @@ typedef struct {
-        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
-        char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
-        int     zero_knowledge_password_authentication; /* Try jpake */
-+       int     use_blacklisted_keys;   /* If true, send */
-        int     batch_mode;     /* Batch mode: do not ask for passwords. */
-        int     check_host_ip;  /* Also keep track of keys for IP address */
-        int     strict_host_key_checking;       /* Strict host key checking. */
-diff --git a/servconf.c b/servconf.c
-index c938ae3..9155a8b 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -114,6 +114,7 @@ initialize_server_options(ServerOptions *options)
-        options->password_authentication = -1;
-        options->kbd_interactive_authentication = -1;
-        options->challenge_response_authentication = -1;
-+       options->permit_blacklisted_keys = -1;
-        options->permit_empty_passwd = -1;
-        options->permit_user_env = -1;
-        options->use_login = -1;
-@@ -257,6 +258,8 @@ fill_default_server_options(ServerOptions *options)
-                options->kbd_interactive_authentication = 0;
-        if (options->challenge_response_authentication == -1)
-                options->challenge_response_authentication = 1;
-+       if (options->permit_blacklisted_keys == -1)
-+               options->permit_blacklisted_keys = 0;
-        if (options->permit_empty_passwd == -1)
-                options->permit_empty_passwd = 0;
-        if (options->permit_user_env == -1)
-@@ -338,7 +341,7 @@ typedef enum {
-        sListenAddress, sAddressFamily,
-        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
-        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
--       sStrictModes, sEmptyPasswd, sTCPKeepAlive,
-+       sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
-        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
-        sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-@@ -451,6 +454,7 @@ static struct {
-        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
-        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
-        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
-+       { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
-        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
-        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
-        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
-@@ -1158,6 +1162,10 @@ process_server_config_line(ServerOptions *options, char *line,
-                intptr = &options->tcp_keep_alive;
-                goto parse_flag;
- 
-+       case sPermitBlacklistedKeys:
-+               intptr = &options->permit_blacklisted_keys;
-+               goto parse_flag;
-+
-        case sEmptyPasswd:
-                intptr = &options->permit_empty_passwd;
-                goto parse_flag;
-@@ -2036,6 +2044,7 @@ dump_config(ServerOptions *o)
-        dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
-        dump_cfg_fmtint(sStrictModes, o->strict_modes);
-        dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
-+       dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
-        dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
-        dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
-        dump_cfg_fmtint(sUseLogin, o->use_login);
-diff --git a/servconf.h b/servconf.h
-index ab6e346..f655c5b 100644
---- a/servconf.h
-+++ b/servconf.h
-@@ -121,6 +121,7 @@ typedef struct {
-        int     challenge_response_authentication;
-        int     zero_knowledge_password_authentication;
-                                        /* If true, permit jpake auth */
-+       int     permit_blacklisted_keys;        /* If true, permit */
-        int     permit_empty_passwd;    /* If false, do not permit empty
-                                         * passwords. */
-        int     permit_user_env;        /* If true, read ~/.ssh/environment */
-diff --git a/ssh-add.1 b/ssh-add.1
-index 44846b6..d394b26 100644
---- a/ssh-add.1
-+++ b/ssh-add.1
-@@ -81,6 +81,10 @@ environment variable must contain the name of its socket for
- .Nm
- to work.
- .Pp
-+Any keys recorded in the blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 )
-+will be refused.
-+.Pp
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl c
-@@ -186,6 +190,7 @@ is unable to contact the authentication agent.
- .Xr ssh 1 ,
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr sshd 8
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
-diff --git a/ssh-add.c b/ssh-add.c
-index 5e8166f..b309582 100644
---- a/ssh-add.c
-+++ b/ssh-add.c
-@@ -167,7 +167,7 @@ static int
- add_file(AuthenticationConnection *ac, const char *filename, int key_only)
- {
-        Key *private, *cert;
--       char *comment = NULL;
-+       char *comment = NULL, *fp;
-        char msg[1024], *certpath = NULL;
-        int fd, perms_ok, ret = -1;
-        Buffer keyblob;
-@@ -243,6 +243,14 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
-        } else {
-                fprintf(stderr, "Could not add identity: %s\n", filename);
-        }
-+       if (blacklisted_key(private, &fp) == 1) {
-+               fprintf(stderr, "Public key %s blacklisted (see "
-+                   "ssh-vulnkey(1)); refusing to add it\n", fp);
-+               free(fp);
-+               key_free(private);
-+               free(comment);
-+               return -1;
-+       }
- 
-        /* Skip trying to load the cert if requested */
-        if (key_only)
-diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 0d55854..144be7d 100644
---- a/ssh-keygen.1
-+++ b/ssh-keygen.1
-@@ -809,6 +809,7 @@ The file format is described in
- .Xr ssh 1 ,
- .Xr ssh-add 1 ,
- .Xr ssh-agent 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr moduli 5 ,
- .Xr sshd 8
- .Rs
-diff --git a/ssh-vulnkey.1 b/ssh-vulnkey.1
-new file mode 100644
-index 0000000..bcb9d31
---- /dev/null
-+++ b/ssh-vulnkey.1
-@@ -0,0 +1,242 @@
-+.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
-+.\"
-+.\" Redistribution and use in source and binary forms, with or without
-+.\" modification, are permitted provided that the following conditions
-+.\" are met:
-+.\" 1. Redistributions of source code must retain the above copyright
-+.\"    notice, this list of conditions and the following disclaimer.
-+.\" 2. Redistributions in binary form must reproduce the above copyright
-+.\"    notice, this list of conditions and the following disclaimer in the
-+.\"    documentation and/or other materials provided with the distribution.
-+.\"
-+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+.\"
-+.Dd $Mdocdate: May 12 2008 $
-+.Dt SSH-VULNKEY 1
-+.Os
-+.Sh NAME
-+.Nm ssh-vulnkey
-+.Nd check blacklist of compromised keys
-+.Sh SYNOPSIS
-+.Nm
-+.Op Fl q | Fl v
-+.Ar file ...
-+.Nm
-+.Fl a
-+.Sh DESCRIPTION
-+.Nm
-+checks a key against a blacklist of compromised keys.
-+.Pp
-+A substantial number of keys are known to have been generated using a broken
-+version of OpenSSL distributed by Debian which failed to seed its random
-+number generator correctly.
-+Keys generated using these OpenSSL versions should be assumed to be
-+compromised.
-+This tool may be useful in checking for such keys.
-+.Pp
-+Keys that are compromised cannot be repaired; replacements must be generated
-+using
-+.Xr ssh-keygen 1 .
-+Make sure to update
-+.Pa authorized_keys
-+files on all systems where compromised keys were permitted to authenticate.
-+.Pp
-+The argument list will be interpreted as a list of paths to public key files
-+or
-+.Pa authorized_keys
-+files.
-+If no suitable file is found at a given path,
-+.Nm
-+will append
-+.Pa .pub
-+and retry, in case it was given a private key file.
-+If no files are given as arguments,
-+.Nm
-+will check
-+.Pa ~/.ssh/id_rsa ,
-+.Pa ~/.ssh/id_dsa ,
-+.Pa ~/.ssh/identity ,
-+.Pa ~/.ssh/authorized_keys
-+and
-+.Pa ~/.ssh/authorized_keys2 ,
-+as well as the system's host keys if readable.
-+.Pp
-+If
-+.Dq -
-+is given as an argument,
-+.Nm
-+will read from standard input.
-+This can be used to process output from
-+.Xr ssh-keyscan 1 ,
-+for example:
-+.Pp
-+.Dl $ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
-+.Pp
-+Unless the
-+.Cm PermitBlacklistedKeys
-+option is used,
-+.Xr sshd 8
-+will reject attempts to authenticate with keys in the compromised list.
-+.Pp
-+The output from
-+.Nm
-+looks like this:
-+.Pp
-+.Bd -literal -offset indent
-+/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
-+/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
-+/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
-+.Ed
-+.Pp
-+Each line is of the following format (any lines beginning with
-+.Dq #
-+should be ignored by scripts):
-+.Pp
-+.Dl Ar filename : Ns Ar line : Ar status : Ar type Ar size Ar fingerprint Ar comment
-+.Pp
-+It is important to distinguish between the possible values of
-+.Ar status :
-+.Pp
-+.Bl -tag -width Ds
-+.It COMPROMISED
-+These keys are listed in a blacklist file, normally because their
-+corresponding private keys are well-known.
-+Replacements must be generated using
-+.Xr ssh-keygen 1 .
-+.It Not blacklisted
-+A blacklist file exists for this key type and size, but this key is not
-+listed in it.
-+Unless there is some particular reason to believe otherwise, this key
-+may be used safely.
-+(Note that DSA keys used with the broken version of OpenSSL distributed
-+by Debian may be compromised in the event that anyone captured a network
-+trace, even if they were generated with a secure version of OpenSSL.)
-+.It Unknown (blacklist file not installed)
-+No blacklist file exists for this key type and size.
-+You should find a suitable published blacklist and install it before
-+deciding whether this key is safe to use.
-+.El
-+.Pp
-+The options are as follows:
-+.Bl -tag -width Ds
-+.It Fl a
-+Check keys of all users on the system.
-+You will typically need to run
-+.Nm
-+as root to use this option.
-+For each user,
-+.Nm
-+will check
-+.Pa ~/.ssh/id_rsa ,
-+.Pa ~/.ssh/id_dsa ,
-+.Pa ~/.ssh/identity ,
-+.Pa ~/.ssh/authorized_keys
-+and
-+.Pa ~/.ssh/authorized_keys2 .
-+It will also check the system's host keys.
-+.It Fl q
-+Quiet mode.
-+Normally,
-+.Nm
-+outputs the fingerprint of each key scanned, with a description of its
-+status.
-+This option suppresses that output.
-+.It Fl v
-+Verbose mode.
-+Normally,
-+.Nm
-+does not output anything for keys that are not listed in their corresponding
-+blacklist file (although it still produces output for keys for which there
-+is no blacklist file, since their status is unknown).
-+This option causes
-+.Nm
-+to produce output for all keys.
-+.El
-+.Sh EXIT STATUS
-+.Nm
-+will exit zero if any of the given keys were in the compromised list,
-+otherwise non-zero.
-+.Sh BLACKLIST FILE FORMAT
-+The blacklist file may start with comments, on lines starting with
-+.Dq # .
-+After these initial comments, it must follow a strict format:
-+.Pp
-+.Bl -bullet -offset indent -compact
-+.It
-+All the lines must be exactly the same length (20 characters followed by a
-+newline) and must be in sorted order.
-+.It
-+Each line must consist of the lower-case hexadecimal MD5 key fingerprint,
-+without colons, and with the first 12 characters removed (that is, the least
-+significant 80 bits of the fingerprint).
-+.El
-+.Pp
-+The key fingerprint may be generated using
-+.Xr ssh-keygen 1 :
-+.Pp
-+.Dl $ ssh-keygen -l -f /path/to/key
-+.Pp
-+This strict format is necessary to allow the blacklist file to be checked
-+quickly, using a binary-search algorithm.
-+.Sh FILES
-+.Bl -tag -width Ds
-+.It Pa ~/.ssh/id_rsa
-+If present, contains the protocol version 2 RSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/id_dsa
-+If present, contains the protocol version 2 DSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/identity
-+If present, contains the protocol version 1 RSA authentication identity of
-+the user.
-+.It Pa ~/.ssh/authorized_keys
-+If present, lists the public keys (RSA/DSA) that can be used for logging in
-+as this user.
-+.It Pa ~/.ssh/authorized_keys2
-+Obsolete name for
-+.Pa ~/.ssh/authorized_keys .
-+This file may still be present on some old systems, but should not be
-+created if it is missing.
-+.It Pa /etc/ssh/ssh_host_rsa_key
-+If present, contains the protocol version 2 RSA identity of the system.
-+.It Pa /etc/ssh/ssh_host_dsa_key
-+If present, contains the protocol version 2 DSA identity of the system.
-+.It Pa /etc/ssh/ssh_host_key
-+If present, contains the protocol version 1 RSA identity of the system.
-+.It Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-+If present, lists the blacklisted keys of type
-+.Ar TYPE
-+.Pf ( Dq RSA
-+or
-+.Dq DSA )
-+and bit length
-+.Ar LENGTH .
-+The format of this file is described above.
-+RSA1 keys are converted to RSA before being checked in the blacklist.
-+Note that the fingerprints of RSA1 keys are computed differently, so you
-+will not be able to find them in the blacklist by hand.
-+.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-+Same as
-+.Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH ,
-+but may be edited by the system administrator to add new blacklist entries.
-+.El
-+.Sh SEE ALSO
-+.Xr ssh-keygen 1 ,
-+.Xr sshd 8
-+.Sh AUTHORS
-+.An -nosplit
-+.An Colin Watson Aq cjwatson@ubuntu.com
-+.Pp
-+Florian Weimer suggested the option to check keys of all users, and the idea
-+of processing
-+.Xr ssh-keyscan 1
-+output.
-diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
-new file mode 100644
-index 0000000..ca1a5be
---- /dev/null
-+++ b/ssh-vulnkey.c
-@@ -0,0 +1,386 @@
-+/*
-+ * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
-+#include "includes.h"
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+
-+#include <errno.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
-+#include <openssl/evp.h>
-+
-+#include "xmalloc.h"
-+#include "ssh.h"
-+#include "log.h"
-+#include "key.h"
-+#include "authfile.h"
-+#include "pathnames.h"
-+#include "uidswap.h"
-+#include "misc.h"
-+
-+extern char *__progname;
-+
-+/* Default files to check */
-+static char *default_host_files[] = {
-+       _PATH_HOST_RSA_KEY_FILE,
-+       _PATH_HOST_DSA_KEY_FILE,
-+       _PATH_HOST_KEY_FILE,
-+       NULL
-+};
-+static char *default_files[] = {
-+       _PATH_SSH_CLIENT_ID_RSA,
-+       _PATH_SSH_CLIENT_ID_DSA,
-+       _PATH_SSH_CLIENT_IDENTITY,
-+       _PATH_SSH_USER_PERMITTED_KEYS,
-+       _PATH_SSH_USER_PERMITTED_KEYS2,
-+       NULL
-+};
-+
-+static int verbosity = 0;
-+
-+static int some_keys = 0;
-+static int some_unknown = 0;
-+static int some_compromised = 0;
-+
-+static void
-+usage(void)
-+{
-+       fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
-+       fprintf(stderr, "Options:\n");
-+       fprintf(stderr, "  -a          Check keys of all users.\n");
-+       fprintf(stderr, "  -q          Quiet mode.\n");
-+       fprintf(stderr, "  -v          Verbose mode.\n");
-+       exit(1);
-+}
-+
-+static void
-+describe_key(const char *filename, u_long linenum, const char *msg,
-+    Key *key, const char *comment, int min_verbosity)
-+{
-+       char *fp;
-+
-+       fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-+       if (verbosity >= min_verbosity) {
-+               if (strchr(filename, ':'))
-+                       printf("\"%s\"", filename);
-+               else
-+                       printf("%s", filename);
-+               printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
-+                   key_type(key), key_size(key), fp, comment);
-+       }
-+       free(fp);
-+}
-+
-+static int
-+do_key(const char *filename, u_long linenum,
-+    Key *key, const char *comment)
-+{
-+       Key *public;
-+       int blacklist_status;
-+       int ret = 1;
-+
-+       some_keys = 1;
-+
-+       public = key_demote(key);
-+       if (public->type == KEY_RSA1)
-+               public->type = KEY_RSA;
-+
-+       blacklist_status = blacklisted_key(public, NULL);
-+       if (blacklist_status == -1) {
-+               describe_key(filename, linenum,
-+                   "Unknown (blacklist file not installed)", key, comment, 0);
-+               some_unknown = 1;
-+       } else if (blacklist_status == 1) {
-+               describe_key(filename, linenum,
-+                   "COMPROMISED", key, comment, 0);
-+               some_compromised = 1;
-+               ret = 0;
-+       } else
-+               describe_key(filename, linenum,
-+                   "Not blacklisted", key, comment, 1);
-+
-+       key_free(public);
-+
-+       return ret;
-+}
-+
-+static int
-+do_filename(const char *filename, int quiet_open)
-+{
-+       FILE *f;
-+       char line[SSH_MAX_PUBKEY_BYTES];
-+       char *cp;
-+       u_long linenum = 0;
-+       Key *key;
-+       char *comment = NULL;
-+       int found = 0, ret = 1;
-+
-+       /* Copy much of key_load_public's logic here so that we can read
-+        * several keys from a single file (e.g. authorized_keys).
-+        */
-+
-+       if (strcmp(filename, "-") != 0) {
-+               int save_errno;
-+               f = fopen(filename, "r");
-+               save_errno = errno;
-+               if (!f) {
-+                       char pubfile[MAXPATHLEN];
-+                       if (strlcpy(pubfile, filename, sizeof pubfile) <
-+                           sizeof(pubfile) &&
-+                           strlcat(pubfile, ".pub", sizeof pubfile) <
-+                           sizeof(pubfile))
-+                               f = fopen(pubfile, "r");
-+               }
-+               errno = save_errno; /* earlier errno is more useful */
-+               if (!f) {
-+                       if (!quiet_open)
-+                               perror(filename);
-+                       return -1;
-+               }
-+               if (verbosity > 0)
-+                       printf("# %s\n", filename);
-+       } else
-+               f = stdin;
-+       while (read_keyfile_line(f, filename, line, sizeof(line),
-+                   &linenum) != -1) {
-+               int i;
-+               char *space;
-+               int type;
-+               char *end;
-+
-+               /* Chop trailing newline. */
-+               i = strlen(line) - 1;
-+               if (line[i] == '\n')
-+                       line[i] = '\0';
-+
-+               /* Skip leading whitespace, empty and comment lines. */
-+               for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-+                       ;
-+               if (!*cp || *cp == '\n' || *cp == '#')
-+                       continue;
-+
-+               /* Cope with ssh-keyscan output and options in
-+                * authorized_keys files.
-+                */
-+               space = strchr(cp, ' ');
-+               if (!space)
-+                       continue;
-+               *space = '\0';
-+               type = key_type_from_name(cp);
-+               *space = ' ';
-+               /* Leading number (RSA1) or valid type (RSA/DSA) indicates
-+                * that we have no host name or options to skip.
-+                */
-+               if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
-+                   type == KEY_UNSPEC) {
-+                       int quoted = 0;
-+
-+                       for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-+                               if (*cp == '\\' && cp[1] == '"')
-+                                       cp++;   /* Skip both */
-+                               else if (*cp == '"')
-+                                       quoted = !quoted;
-+                       }
-+                       /* Skip remaining whitespace. */
-+                       for (; *cp == ' ' || *cp == '\t'; cp++)
-+                               ;
-+                       if (!*cp)
-+                               continue;
-+               }
-+
-+               /* Read and process the key itself. */
-+               key = key_new(KEY_RSA1);
-+               if (key_read(key, &cp) == 1) {
-+                       while (*cp == ' ' || *cp == '\t')
-+                               cp++;
-+                       if (!do_key(filename, linenum,
-+                           key, *cp ? cp : filename))
-+                               ret = 0;
-+                       found = 1;
-+               } else {
-+                       key_free(key);
-+                       key = key_new(KEY_UNSPEC);
-+                       if (key_read(key, &cp) == 1) {
-+                               while (*cp == ' ' || *cp == '\t')
-+                                       cp++;
-+                               if (!do_key(filename, linenum,
-+                                   key, *cp ? cp : filename))
-+                                       ret = 0;
-+                               found = 1;
-+                       }
-+               }
-+               key_free(key);
-+       }
-+       if (f != stdin)
-+               fclose(f);
-+
-+       if (!found && filename) {
-+               key = key_load_public(filename, &comment);
-+               if (key) {
-+                       if (!do_key(filename, 1, key, comment))
-+                               ret = 0;
-+                       found = 1;
-+               }
-+               free(comment);
-+       }
-+
-+       return ret;
-+}
-+
-+static int
-+do_host(int quiet_open)
-+{
-+       int i;
-+       struct stat st;
-+       int ret = 1;
-+
-+       for (i = 0; default_host_files[i]; i++) {
-+               if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
-+                       continue;
-+               if (!do_filename(default_host_files[i], quiet_open))
-+                       ret = 0;
-+       }
-+
-+       return ret;
-+}
-+
-+static int
-+do_user(const char *dir)
-+{
-+       int i;
-+       char *file;
-+       struct stat st;
-+       int ret = 1;
-+
-+       for (i = 0; default_files[i]; i++) {
-+               xasprintf(&file, "%s/%s", dir, default_files[i]);
-+               if (stat(file, &st) < 0 && errno == ENOENT) {
-+                       free(file);
-+                       continue;
-+               }
-+               if (!do_filename(file, 0))
-+                       ret = 0;
-+               free(file);
-+       }
-+
-+       return ret;
-+}
-+
-+int
-+main(int argc, char **argv)
-+{
-+       int opt, all_users = 0;
-+       int ret = 1;
-+       extern int optind;
-+
-+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-+       sanitise_stdfd();
-+
-+       __progname = ssh_get_progname(argv[0]);
-+
-+       SSLeay_add_all_algorithms();
-+       log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-+
-+       /* We don't need the RNG ourselves, but symbol references here allow
-+        * ld to link us properly.
-+        */
-+       seed_rng();
-+
-+       while ((opt = getopt(argc, argv, "ahqv")) != -1) {
-+               switch (opt) {
-+               case 'a':
-+                       all_users = 1;
-+                       break;
-+               case 'q':
-+                       verbosity--;
-+                       break;
-+               case 'v':
-+                       verbosity++;
-+                       break;
-+               case 'h':
-+               default:
-+                       usage();
-+               }
-+       }
-+
-+       if (all_users) {
-+               struct passwd *pw;
-+
-+               if (!do_host(0))
-+                       ret = 0;
-+
-+               while ((pw = getpwent()) != NULL) {
-+                       if (pw->pw_dir) {
-+                               temporarily_use_uid(pw);
-+                               if (!do_user(pw->pw_dir))
-+                                       ret = 0;
-+                               restore_uid();
-+                       }
-+               }
-+       } else if (optind == argc) {
-+               struct passwd *pw;
-+
-+               if (!do_host(1))
-+                       ret = 0;
-+
-+               if ((pw = getpwuid(geteuid())) == NULL)
-+                       fprintf(stderr, "No user found with uid %u\n",
-+                           (u_int)geteuid());
-+               else {
-+                       if (!do_user(pw->pw_dir))
-+                               ret = 0;
-+               }
-+       } else {
-+               while (optind < argc)
-+                       if (!do_filename(argv[optind++], 0))
-+                               ret = 0;
-+       }
-+
-+       if (verbosity >= 0) {
-+               if (some_unknown) {
-+                       printf("#\n");
-+                       printf("# The status of some keys on your system is unknown.\n");
-+                       printf("# You may need to install additional blacklist files.\n");
-+               }
-+               if (some_compromised) {
-+                       printf("#\n");
-+                       printf("# Some keys on your system have been compromised!\n");
-+                       printf("# You must replace them using ssh-keygen(1).\n");
-+               }
-+               if (some_unknown || some_compromised) {
-+                       printf("#\n");
-+                       printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
-+               } else if (some_keys && verbosity > 0) {
-+                       printf("#\n");
-+                       printf("# No blacklisted keys!\n");
-+               }
-+       }
-+
-+       return ret;
-+}
-diff --git a/ssh.1 b/ssh.1
-index 62292cc..66a7007 100644
---- a/ssh.1
-+++ b/ssh.1
-@@ -1447,6 +1447,7 @@ if an error occurred.
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr tun 4 ,
- .Xr hosts.equiv 5 ,
- .Xr ssh_config 5 ,
-diff --git a/ssh.c b/ssh.c
-index 87233bc..567248d 100644
---- a/ssh.c
-+++ b/ssh.c
-@@ -1525,7 +1525,7 @@ ssh_session2(void)
- static void
- load_public_identity_files(void)
- {
--       char *filename, *cp, thishost[NI_MAXHOST];
-+       char *filename, *cp, thishost[NI_MAXHOST], *fp;
-        char *pwdir = NULL, *pwname = NULL;
-        int i = 0;
-        Key *public;
-@@ -1583,6 +1583,22 @@ load_public_identity_files(void)
-                public = key_load_public(filename, NULL);
-                debug("identity file %s type %d", filename,
-                    public ? public->type : -1);
-+               if (public && blacklisted_key(public, &fp) == 1) {
-+                       if (options.use_blacklisted_keys)
-+                               logit("Public key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); continuing anyway", fp);
-+                       else
-+                               logit("Public key %s blacklisted (see "
-+                                   "ssh-vulnkey(1)); refusing to send it",
-+                                   fp);
-+                       free(fp);
-+                       if (!options.use_blacklisted_keys) {
-+                               key_free(public);
-+                               free(filename);
-+                               filename = NULL;
-+                               public = NULL;
-+                       }
-+               }
-                free(options.identity_files[i]);
-                identity_files[n_ids] = filename;
-                identity_keys[n_ids] = public;
-diff --git a/ssh_config.5 b/ssh_config.5
-index e72919a..8d806c7 100644
---- a/ssh_config.5
-+++ b/ssh_config.5
-@@ -1229,6 +1229,23 @@ is not specified, it defaults to
- .Dq any .
- The default is
- .Dq any:any .
-+.It Cm UseBlacklistedKeys
-+Specifies whether
-+.Xr ssh 1
-+should use keys recorded in its blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 )
-+for authentication.
-+If
-+.Dq yes ,
-+then attempts to use compromised keys for authentication will be logged but
-+accepted.
-+It is strongly recommended that this be used only to install new authorized
-+keys on the remote system, and even then only with the utmost care.
-+If
-+.Dq no ,
-+then attempts to use compromised keys for authentication will be prevented.
-+The default is
-+.Dq no .
- .It Cm UsePrivilegedPort
- Specifies whether to use a privileged port for outgoing connections.
- The argument must be
-diff --git a/sshconnect2.c b/sshconnect2.c
-index 0b13530..93818c9 100644
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -1491,6 +1491,8 @@ pubkey_prepare(Authctxt *authctxt)
- 
-        /* list of keys stored in the filesystem and PKCS#11 */
-        for (i = 0; i < options.num_identity_files; i++) {
-+               if (options.identity_files[i] == NULL)
-+                       continue;
-                key = options.identity_keys[i];
-                if (key && key->type == KEY_RSA1)
-                        continue;
-@@ -1608,7 +1610,7 @@ userauth_pubkey(Authctxt *authctxt)
-                        debug("Offering %s public key: %s", key_type(id->key),
-                            id->filename);
-                        sent = send_pubkey_test(authctxt, id);
--               } else if (id->key == NULL) {
-+               } else if (id->key == NULL && id->filename) {
-                        debug("Trying private key: %s", id->filename);
-                        id->key = load_identity_file(id->filename,
-                            id->userprovided);
-diff --git a/sshd.8 b/sshd.8
-index b0c7ab6..a604429 100644
---- a/sshd.8
-+++ b/sshd.8
-@@ -954,6 +954,7 @@ The content of this file is not sensitive; it can be world-readable.
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
-+.Xr ssh-vulnkey 1 ,
- .Xr chroot 2 ,
- .Xr hosts_access 5 ,
- .Xr login.conf 5 ,
-diff --git a/sshd.c b/sshd.c
-index e5c9835..fbe3284 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -1688,6 +1688,11 @@ main(int ac, char **av)
-                        sensitive_data.host_pubkeys[i] = NULL;
-                        continue;
-                }
-+               if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
-+                       sensitive_data.host_keys[i] = NULL;
-+                       sensitive_data.host_pubkeys[i] = NULL;
-+                       continue;
-+               }
- 
-                switch (keytype) {
-                case KEY_RSA1:
-diff --git a/sshd_config.5 b/sshd_config.5
-index 525d9c8..18ec81f 100644
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -885,6 +885,20 @@ are refused if the number of unauthenticated connections reaches
- Specifies whether password authentication is allowed.
- The default is
- .Dq yes .
-+.It Cm PermitBlacklistedKeys
-+Specifies whether
-+.Xr sshd 8
-+should allow keys recorded in its blacklist of known-compromised keys (see
-+.Xr ssh-vulnkey 1 ) .
-+If
-+.Dq yes ,
-+then attempts to authenticate with compromised keys will be logged but
-+accepted.
-+If
-+.Dq no ,
-+then attempts to authenticate with compromised keys will be rejected.
-+The default is
-+.Dq no .
- .It Cm PermitEmptyPasswords
- When password authentication is allowed, it specifies whether the
- server allows login to accounts with empty password strings.
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index e563bda7c..1ab818a37 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -1,4 +1,4 @@
-From 4c7ed5c80e5f67277620ac973317cc516b67d0e7 Mon Sep 17 00:00:00 2001
+From 3d498ae4180b8338db5f960865882b3f781aec2a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:51 +0000
 Subject: Partial server keep-alive implementation for SSH1
@@ -57,7 +57,7 @@ index 311dc13..dc76d69 100644
                 server_alive_time = now + options.server_alive_interval;
         }
 diff --git a/ssh_config.5 b/ssh_config.5
-index 8d806c7..89b25cd 100644
+index e72919a..1fc0a6b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -1130,7 +1130,10 @@ If, for example,
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index a1eaa7513..40b26d002 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From bbddcd71a027a33919f859f35dae800335a2de6a Mon Sep 17 00:00:00 2001
+From b8a355b5db58dc489fca181e333dacf5e14f4f1d Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -33,7 +33,7 @@ index 32e1d2e..53e7b65 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 567248d..219a466 100644
+index 87233bc..5502889 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -740,7 +740,7 @@ main(int ac, char **av)
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9382d5086..cfc14523a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 7016a7e8a6b854833132db253fd5e392984bd4ea Mon Sep 17 00:00:00 2001
+From 2bb37315c1e077bc176e703fbf0028a1f6315d37 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -52,10 +52,10 @@ index 06ae7f0..f202787 100644
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 6662e9a..7f6c6c8 100644
+index 9a36f1d..0c45f09 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -408,8 +408,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -407,8 +407,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 6662e9a..7f6c6c8 100644
                         logit("Authentication refused for %.100s: "
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
-@@ -471,8 +470,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -470,8 +469,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
@@ -75,7 +75,7 @@ index 6662e9a..7f6c6c8 100644
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
-@@ -487,8 +485,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -486,8 +484,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
  
                 if (stat(buf, &st) < 0 ||
@@ -216,7 +216,7 @@ index a962f15..0b3bee1 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 2dcbf31..389de7d 100644
+index dab7963..c741934 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -30,6 +30,8 @@
@@ -228,7 +228,7 @@ index 2dcbf31..389de7d 100644
  #ifdef HAVE_UTIL_H
  #include <util.h>
  #endif
-@@ -1160,8 +1162,7 @@ read_config_file(const char *filename, const char *host, Options *options,
+@@ -1155,8 +1157,7 @@ read_config_file(const char *filename, const char *host, Options *options,
  
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
@@ -239,7 +239,7 @@ index 2dcbf31..389de7d 100644
         }
  
 diff --git a/ssh.1 b/ssh.1
-index 66a7007..0b38ae1 100644
+index 62292cc..05ae6ad 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1338,6 +1338,8 @@ The file format and configuration options are described in
@@ -252,10 +252,10 @@ index 66a7007..0b38ae1 100644
  .It Pa ~/.ssh/environment
  Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index 135d833..1497cfc 100644
+index 6948680..a1e18d2 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1382,6 +1382,8 @@ The format of this file is described above.
+@@ -1365,6 +1365,8 @@ The format of this file is described above.
  This file is used by the SSH client.
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not accessible by others.
diff --git a/pathnames.h b/pathnames.h
index 47f7867d5..5027fbaed 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -18,10 +18,6 @@
 #define SSHDIR                          ETCDIR "/ssh"
 #endif
 
-#ifndef _PATH_SSH_DATADIR
-#define _PATH_SSH_DATADIR               "/usr/share/ssh"
-#endif
-
 #ifndef _PATH_SSH_PIDDIR
 #define _PATH_SSH_PIDDIR                "/var/run"
 #endif
@@ -48,9 +44,6 @@
 /* Backwards compatibility */
 #define _PATH_DH_PRIMES                 SSHDIR "/primes"
 
-#define _PATH_BLACKLIST                 _PATH_SSH_DATADIR "/blacklist"
-#define _PATH_BLACKLIST_CONFIG          SSHDIR "/blacklist"
-
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM               "/usr/bin/ssh"
 #endif
diff --git a/readconf.c b/readconf.c
index 2778176c6..e1e82c5ad 100644
--- a/readconf.c
+++ b/readconf.c
@@ -130,7 +130,6 @@ typedef enum {
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
         oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
-        oUseBlacklistedKeys,
         oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -165,7 +164,7 @@ static struct {
         { "passwordauthentication", oPasswordAuthentication },
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },
-        { "useblacklistedkeys", oUseBlacklistedKeys },
+        { "useblacklistedkeys", oDeprecated },
         { "rsaauthentication", oRSAAuthentication },
         { "pubkeyauthentication", oPubkeyAuthentication },
         { "dsaauthentication", oPubkeyAuthentication },             /* alias */
@@ -530,10 +529,6 @@ parse_flag:
                 intptr = &options->challenge_response_authentication;
                 goto parse_flag;
 
-        case oUseBlacklistedKeys:
-                intptr = &options->use_blacklisted_keys;
-                goto parse_flag;
-
         case oGssAuthentication:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
@@ -1222,7 +1217,6 @@ initialize_options(Options * options)
         options->kbd_interactive_devices = NULL;
         options->rhosts_rsa_authentication = -1;
         options->hostbased_authentication = -1;
-        options->use_blacklisted_keys = -1;
         options->batch_mode = -1;
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
@@ -1333,8 +1327,6 @@ fill_default_options(Options * options)
                 options->rhosts_rsa_authentication = 0;
         if (options->hostbased_authentication == -1)
                 options->hostbased_authentication = 0;
-        if (options->use_blacklisted_keys == -1)
-                options->use_blacklisted_keys = 0;
         if (options->batch_mode == -1)
                 options->batch_mode = 0;
         if (options->check_host_ip == -1)
diff --git a/readconf.h b/readconf.h
index a508151f7..675b35dfe 100644
--- a/readconf.h
+++ b/readconf.h
@@ -59,7 +59,6 @@ typedef struct {
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
         char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
         int     zero_knowledge_password_authentication; /* Try jpake */
-        int     use_blacklisted_keys;   /* If true, send */
         int     batch_mode;     /* Batch mode: do not ask for passwords. */
         int     check_host_ip;  /* Also keep track of keys for IP address */
         int     strict_host_key_checking;       /* Strict host key checking. */
diff --git a/servconf.c b/servconf.c
index a2928ff57..802db1d79 100644
--- a/servconf.c
+++ b/servconf.c
@@ -114,7 +114,6 @@ initialize_server_options(ServerOptions *options)
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->challenge_response_authentication = -1;
-        options->permit_blacklisted_keys = -1;
         options->permit_empty_passwd = -1;
         options->permit_user_env = -1;
         options->use_login = -1;
@@ -259,8 +258,6 @@ fill_default_server_options(ServerOptions *options)
                 options->kbd_interactive_authentication = 0;
         if (options->challenge_response_authentication == -1)
                 options->challenge_response_authentication = 1;
-        if (options->permit_blacklisted_keys == -1)
-                options->permit_blacklisted_keys = 0;
         if (options->permit_empty_passwd == -1)
                 options->permit_empty_passwd = 0;
         if (options->permit_user_env == -1)
@@ -344,7 +341,7 @@ typedef enum {
         sListenAddress, sAddressFamily,
         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-        sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive,
+        sStrictModes, sEmptyPasswd, sTCPKeepAlive,
         sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
         sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
         sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -458,7 +455,7 @@ static struct {
         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
-        { "permitblacklistedkeys", sPermitBlacklistedKeys, SSHCFG_GLOBAL },
+        { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
         { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
         { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
         { "uselogin", sUseLogin, SSHCFG_GLOBAL },
@@ -1167,10 +1164,6 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
-        case sPermitBlacklistedKeys:
-                intptr = &options->permit_blacklisted_keys;
-                goto parse_flag;
-
         case sEmptyPasswd:
                 intptr = &options->permit_empty_passwd;
                 goto parse_flag;
@@ -2053,7 +2046,6 @@ dump_config(ServerOptions *o)
         dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
         dump_cfg_fmtint(sStrictModes, o->strict_modes);
         dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
-        dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
         dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
         dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
         dump_cfg_fmtint(sUseLogin, o->use_login);
diff --git a/servconf.h b/servconf.h
index fd72ce2a3..1891a95a1 100644
--- a/servconf.h
+++ b/servconf.h
@@ -121,7 +121,6 @@ typedef struct {
         int     challenge_response_authentication;
         int     zero_knowledge_password_authentication;
                                         /* If true, permit jpake auth */
-        int     permit_blacklisted_keys;        /* If true, permit */
         int     permit_empty_passwd;    /* If false, do not permit empty
                                          * passwords. */
         int     permit_user_env;        /* If true, read ~/.ssh/environment */
diff --git a/ssh-add.1 b/ssh-add.1
index d394b2696..44846b67e 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -81,10 +81,6 @@ environment variable must contain the name of its socket for
 .Nm
 to work.
 .Pp
-Any keys recorded in the blacklist of known-compromised keys (see
-.Xr ssh-vulnkey 1 )
-will be refused.
-.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl c
@@ -190,7 +186,6 @@ is unable to contact the authentication agent.
 .Xr ssh 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
-.Xr ssh-vulnkey 1 ,
 .Xr sshd 8
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
diff --git a/ssh-add.c b/ssh-add.c
index b309582f5..5e8166f66 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -167,7 +167,7 @@ static int
 add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
         Key *private, *cert;
-        char *comment = NULL, *fp;
+        char *comment = NULL;
         char msg[1024], *certpath = NULL;
         int fd, perms_ok, ret = -1;
         Buffer keyblob;
@@ -243,14 +243,6 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
         } else {
                 fprintf(stderr, "Could not add identity: %s\n", filename);
         }
-        if (blacklisted_key(private, &fp) == 1) {
-                fprintf(stderr, "Public key %s blacklisted (see "
-                    "ssh-vulnkey(1)); refusing to add it\n", fp);
-                free(fp);
-                key_free(private);
-                free(comment);
-                return -1;
-        }
 
         /* Skip trying to load the cert if requested */
         if (key_only)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 753cc625b..151cab0ef 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -805,7 +805,6 @@ The file format is described in
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
-.Xr ssh-vulnkey 1 ,
 .Xr moduli 5 ,
 .Xr sshd 8
 .Rs
diff --git a/ssh-vulnkey.1 b/ssh-vulnkey.1
deleted file mode 100644
index bcb9d31c6..000000000
--- a/ssh-vulnkey.1
+++ /dev/null
@@ -1,242 +0,0 @@
-.\" Copyright (c) 2008 Canonical Ltd.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 12 2008 $
-.Dt SSH-VULNKEY 1
-.Os
-.Sh NAME
-.Nm ssh-vulnkey
-.Nd check blacklist of compromised keys
-.Sh SYNOPSIS
-.Nm
-.Op Fl q | Fl v
-.Ar file ...
-.Nm
-.Fl a
-.Sh DESCRIPTION
-.Nm
-checks a key against a blacklist of compromised keys.
-.Pp
-A substantial number of keys are known to have been generated using a broken
-version of OpenSSL distributed by Debian which failed to seed its random
-number generator correctly.
-Keys generated using these OpenSSL versions should be assumed to be
-compromised.
-This tool may be useful in checking for such keys.
-.Pp
-Keys that are compromised cannot be repaired; replacements must be generated
-using
-.Xr ssh-keygen 1 .
-Make sure to update
-.Pa authorized_keys
-files on all systems where compromised keys were permitted to authenticate.
-.Pp
-The argument list will be interpreted as a list of paths to public key files
-or
-.Pa authorized_keys
-files.
-If no suitable file is found at a given path,
-.Nm
-will append
-.Pa .pub
-and retry, in case it was given a private key file.
-If no files are given as arguments,
-.Nm
-will check
-.Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/identity ,
-.Pa ~/.ssh/authorized_keys
-and
-.Pa ~/.ssh/authorized_keys2 ,
-as well as the system's host keys if readable.
-.Pp
-If
-.Dq -
-is given as an argument,
-.Nm
-will read from standard input.
-This can be used to process output from
-.Xr ssh-keyscan 1 ,
-for example:
-.Pp
-.Dl $ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
-.Pp
-Unless the
-.Cm PermitBlacklistedKeys
-option is used,
-.Xr sshd 8
-will reject attempts to authenticate with keys in the compromised list.
-.Pp
-The output from
-.Nm
-looks like this:
-.Pp
-.Bd -literal -offset indent
-/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
-/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
-/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
-.Ed
-.Pp
-Each line is of the following format (any lines beginning with
-.Dq #
-should be ignored by scripts):
-.Pp
-.Dl Ar filename : Ns Ar line : Ar status : Ar type Ar size Ar fingerprint Ar comment
-.Pp
-It is important to distinguish between the possible values of
-.Ar status :
-.Pp
-.Bl -tag -width Ds
-.It COMPROMISED
-These keys are listed in a blacklist file, normally because their
-corresponding private keys are well-known.
-Replacements must be generated using
-.Xr ssh-keygen 1 .
-.It Not blacklisted
-A blacklist file exists for this key type and size, but this key is not
-listed in it.
-Unless there is some particular reason to believe otherwise, this key
-may be used safely.
-(Note that DSA keys used with the broken version of OpenSSL distributed
-by Debian may be compromised in the event that anyone captured a network
-trace, even if they were generated with a secure version of OpenSSL.)
-.It Unknown (blacklist file not installed)
-No blacklist file exists for this key type and size.
-You should find a suitable published blacklist and install it before
-deciding whether this key is safe to use.
-.El
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-Check keys of all users on the system.
-You will typically need to run
-.Nm
-as root to use this option.
-For each user,
-.Nm
-will check
-.Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/identity ,
-.Pa ~/.ssh/authorized_keys
-and
-.Pa ~/.ssh/authorized_keys2 .
-It will also check the system's host keys.
-.It Fl q
-Quiet mode.
-Normally,
-.Nm
-outputs the fingerprint of each key scanned, with a description of its
-status.
-This option suppresses that output.
-.It Fl v
-Verbose mode.
-Normally,
-.Nm
-does not output anything for keys that are not listed in their corresponding
-blacklist file (although it still produces output for keys for which there
-is no blacklist file, since their status is unknown).
-This option causes
-.Nm
-to produce output for all keys.
-.El
-.Sh EXIT STATUS
-.Nm
-will exit zero if any of the given keys were in the compromised list,
-otherwise non-zero.
-.Sh BLACKLIST FILE FORMAT
-The blacklist file may start with comments, on lines starting with
-.Dq # .
-After these initial comments, it must follow a strict format:
-.Pp
-.Bl -bullet -offset indent -compact
-.It
-All the lines must be exactly the same length (20 characters followed by a
-newline) and must be in sorted order.
-.It
-Each line must consist of the lower-case hexadecimal MD5 key fingerprint,
-without colons, and with the first 12 characters removed (that is, the least
-significant 80 bits of the fingerprint).
-.El
-.Pp
-The key fingerprint may be generated using
-.Xr ssh-keygen 1 :
-.Pp
-.Dl $ ssh-keygen -l -f /path/to/key
-.Pp
-This strict format is necessary to allow the blacklist file to be checked
-quickly, using a binary-search algorithm.
-.Sh FILES
-.Bl -tag -width Ds
-.It Pa ~/.ssh/id_rsa
-If present, contains the protocol version 2 RSA authentication identity of
-the user.
-.It Pa ~/.ssh/id_dsa
-If present, contains the protocol version 2 DSA authentication identity of
-the user.
-.It Pa ~/.ssh/identity
-If present, contains the protocol version 1 RSA authentication identity of
-the user.
-.It Pa ~/.ssh/authorized_keys
-If present, lists the public keys (RSA/DSA) that can be used for logging in
-as this user.
-.It Pa ~/.ssh/authorized_keys2
-Obsolete name for
-.Pa ~/.ssh/authorized_keys .
-This file may still be present on some old systems, but should not be
-created if it is missing.
-.It Pa /etc/ssh/ssh_host_rsa_key
-If present, contains the protocol version 2 RSA identity of the system.
-.It Pa /etc/ssh/ssh_host_dsa_key
-If present, contains the protocol version 2 DSA identity of the system.
-.It Pa /etc/ssh/ssh_host_key
-If present, contains the protocol version 1 RSA identity of the system.
-.It Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-If present, lists the blacklisted keys of type
-.Ar TYPE
-.Pf ( Dq RSA
-or
-.Dq DSA )
-and bit length
-.Ar LENGTH .
-The format of this file is described above.
-RSA1 keys are converted to RSA before being checked in the blacklist.
-Note that the fingerprints of RSA1 keys are computed differently, so you
-will not be able to find them in the blacklist by hand.
-.It Pa /etc/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH
-Same as
-.Pa /usr/share/ssh/blacklist. Ns Ar TYPE Ns Pa - Ns Ar LENGTH ,
-but may be edited by the system administrator to add new blacklist entries.
-.El
-.Sh SEE ALSO
-.Xr ssh-keygen 1 ,
-.Xr sshd 8
-.Sh AUTHORS
-.An -nosplit
-.An Colin Watson Aq cjwatson@ubuntu.com
-.Pp
-Florian Weimer suggested the option to check keys of all users, and the idea
-of processing
-.Xr ssh-keyscan 1
-output.
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
deleted file mode 100644
index ca1a5be74..000000000
--- a/ssh-vulnkey.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <string.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-#include <openssl/evp.h>
-
-#include "xmalloc.h"
-#include "ssh.h"
-#include "log.h"
-#include "key.h"
-#include "authfile.h"
-#include "pathnames.h"
-#include "uidswap.h"
-#include "misc.h"
-
-extern char *__progname;
-
-/* Default files to check */
-static char *default_host_files[] = {
-        _PATH_HOST_RSA_KEY_FILE,
-        _PATH_HOST_DSA_KEY_FILE,
-        _PATH_HOST_KEY_FILE,
-        NULL
-};
-static char *default_files[] = {
-        _PATH_SSH_CLIENT_ID_RSA,
-        _PATH_SSH_CLIENT_ID_DSA,
-        _PATH_SSH_CLIENT_IDENTITY,
-        _PATH_SSH_USER_PERMITTED_KEYS,
-        _PATH_SSH_USER_PERMITTED_KEYS2,
-        NULL
-};
-
-static int verbosity = 0;
-
-static int some_keys = 0;
-static int some_unknown = 0;
-static int some_compromised = 0;
-
-static void
-usage(void)
-{
-        fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
-        fprintf(stderr, "Options:\n");
-        fprintf(stderr, "  -a          Check keys of all users.\n");
-        fprintf(stderr, "  -q          Quiet mode.\n");
-        fprintf(stderr, "  -v          Verbose mode.\n");
-        exit(1);
-}
-
-static void
-describe_key(const char *filename, u_long linenum, const char *msg,
-    Key *key, const char *comment, int min_verbosity)
-{
-        char *fp;
-
-        fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
-        if (verbosity >= min_verbosity) {
-                if (strchr(filename, ':'))
-                        printf("\"%s\"", filename);
-                else
-                        printf("%s", filename);
-                printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
-                    key_type(key), key_size(key), fp, comment);
-        }
-        free(fp);
-}
-
-static int
-do_key(const char *filename, u_long linenum,
-    Key *key, const char *comment)
-{
-        Key *public;
-        int blacklist_status;
-        int ret = 1;
-
-        some_keys = 1;
-
-        public = key_demote(key);
-        if (public->type == KEY_RSA1)
-                public->type = KEY_RSA;
-
-        blacklist_status = blacklisted_key(public, NULL);
-        if (blacklist_status == -1) {
-                describe_key(filename, linenum,
-                    "Unknown (blacklist file not installed)", key, comment, 0);
-                some_unknown = 1;
-        } else if (blacklist_status == 1) {
-                describe_key(filename, linenum,
-                    "COMPROMISED", key, comment, 0);
-                some_compromised = 1;
-                ret = 0;
-        } else
-                describe_key(filename, linenum,
-                    "Not blacklisted", key, comment, 1);
-
-        key_free(public);
-
-        return ret;
-}
-
-static int
-do_filename(const char *filename, int quiet_open)
-{
-        FILE *f;
-        char line[SSH_MAX_PUBKEY_BYTES];
-        char *cp;
-        u_long linenum = 0;
-        Key *key;
-        char *comment = NULL;
-        int found = 0, ret = 1;
-
-        /* Copy much of key_load_public's logic here so that we can read
-         * several keys from a single file (e.g. authorized_keys).
-         */
-
-        if (strcmp(filename, "-") != 0) {
-                int save_errno;
-                f = fopen(filename, "r");
-                save_errno = errno;
-                if (!f) {
-                        char pubfile[MAXPATHLEN];
-                        if (strlcpy(pubfile, filename, sizeof pubfile) <
-                            sizeof(pubfile) &&
-                            strlcat(pubfile, ".pub", sizeof pubfile) <
-                            sizeof(pubfile))
-                                f = fopen(pubfile, "r");
-                }
-                errno = save_errno; /* earlier errno is more useful */
-                if (!f) {
-                        if (!quiet_open)
-                                perror(filename);
-                        return -1;
-                }
-                if (verbosity > 0)
-                        printf("# %s\n", filename);
-        } else
-                f = stdin;
-        while (read_keyfile_line(f, filename, line, sizeof(line),
-                    &linenum) != -1) {
-                int i;
-                char *space;
-                int type;
-                char *end;
-
-                /* Chop trailing newline. */
-                i = strlen(line) - 1;
-                if (line[i] == '\n')
-                        line[i] = '\0';
-
-                /* Skip leading whitespace, empty and comment lines. */
-                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-                        ;
-                if (!*cp || *cp == '\n' || *cp == '#')
-                        continue;
-
-                /* Cope with ssh-keyscan output and options in
-                 * authorized_keys files.
-                 */
-                space = strchr(cp, ' ');
-                if (!space)
-                        continue;
-                *space = '\0';
-                type = key_type_from_name(cp);
-                *space = ' ';
-                /* Leading number (RSA1) or valid type (RSA/DSA) indicates
-                 * that we have no host name or options to skip.
-                 */
-                if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
-                    type == KEY_UNSPEC) {
-                        int quoted = 0;
-
-                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-                                if (*cp == '\\' && cp[1] == '"')
-                                        cp++;   /* Skip both */
-                                else if (*cp == '"')
-                                        quoted = !quoted;
-                        }
-                        /* Skip remaining whitespace. */
-                        for (; *cp == ' ' || *cp == '\t'; cp++)
-                                ;
-                        if (!*cp)
-                                continue;
-                }
-
-                /* Read and process the key itself. */
-                key = key_new(KEY_RSA1);
-                if (key_read(key, &cp) == 1) {
-                        while (*cp == ' ' || *cp == '\t')
-                                cp++;
-                        if (!do_key(filename, linenum,
-                            key, *cp ? cp : filename))
-                                ret = 0;
-                        found = 1;
-                } else {
-                        key_free(key);
-                        key = key_new(KEY_UNSPEC);
-                        if (key_read(key, &cp) == 1) {
-                                while (*cp == ' ' || *cp == '\t')
-                                        cp++;
-                                if (!do_key(filename, linenum,
-                                    key, *cp ? cp : filename))
-                                        ret = 0;
-                                found = 1;
-                        }
-                }
-                key_free(key);
-        }
-        if (f != stdin)
-                fclose(f);
-
-        if (!found && filename) {
-                key = key_load_public(filename, &comment);
-                if (key) {
-                        if (!do_key(filename, 1, key, comment))
-                                ret = 0;
-                        found = 1;
-                }
-                free(comment);
-        }
-
-        return ret;
-}
-
-static int
-do_host(int quiet_open)
-{
-        int i;
-        struct stat st;
-        int ret = 1;
-
-        for (i = 0; default_host_files[i]; i++) {
-                if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
-                        continue;
-                if (!do_filename(default_host_files[i], quiet_open))
-                        ret = 0;
-        }
-
-        return ret;
-}
-
-static int
-do_user(const char *dir)
-{
-        int i;
-        char *file;
-        struct stat st;
-        int ret = 1;
-
-        for (i = 0; default_files[i]; i++) {
-                xasprintf(&file, "%s/%s", dir, default_files[i]);
-                if (stat(file, &st) < 0 && errno == ENOENT) {
-                        free(file);
-                        continue;
-                }
-                if (!do_filename(file, 0))
-                        ret = 0;
-                free(file);
-        }
-
-        return ret;
-}
-
-int
-main(int argc, char **argv)
-{
-        int opt, all_users = 0;
-        int ret = 1;
-        extern int optind;
-
-        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-        sanitise_stdfd();
-
-        __progname = ssh_get_progname(argv[0]);
-
-        SSLeay_add_all_algorithms();
-        log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-
-        /* We don't need the RNG ourselves, but symbol references here allow
-         * ld to link us properly.
-         */
-        seed_rng();
-
-        while ((opt = getopt(argc, argv, "ahqv")) != -1) {
-                switch (opt) {
-                case 'a':
-                        all_users = 1;
-                        break;
-                case 'q':
-                        verbosity--;
-                        break;
-                case 'v':
-                        verbosity++;
-                        break;
-                case 'h':
-                default:
-                        usage();
-                }
-        }
-
-        if (all_users) {
-                struct passwd *pw;
-
-                if (!do_host(0))
-                        ret = 0;
-
-                while ((pw = getpwent()) != NULL) {
-                        if (pw->pw_dir) {
-                                temporarily_use_uid(pw);
-                                if (!do_user(pw->pw_dir))
-                                        ret = 0;
-                                restore_uid();
-                        }
-                }
-        } else if (optind == argc) {
-                struct passwd *pw;
-
-                if (!do_host(1))
-                        ret = 0;
-
-                if ((pw = getpwuid(geteuid())) == NULL)
-                        fprintf(stderr, "No user found with uid %u\n",
-                            (u_int)geteuid());
-                else {
-                        if (!do_user(pw->pw_dir))
-                                ret = 0;
-                }
-        } else {
-                while (optind < argc)
-                        if (!do_filename(argv[optind++], 0))
-                                ret = 0;
-        }
-
-        if (verbosity >= 0) {
-                if (some_unknown) {
-                        printf("#\n");
-                        printf("# The status of some keys on your system is unknown.\n");
-                        printf("# You may need to install additional blacklist files.\n");
-                }
-                if (some_compromised) {
-                        printf("#\n");
-                        printf("# Some keys on your system have been compromised!\n");
-                        printf("# You must replace them using ssh-keygen(1).\n");
-                }
-                if (some_unknown || some_compromised) {
-                        printf("#\n");
-                        printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
-                } else if (some_keys && verbosity > 0) {
-                        printf("#\n");
-                        printf("# No blacklisted keys!\n");
-                }
-        }
-
-        return ret;
-}
diff --git a/ssh.1 b/ssh.1
index c0cc12f43..63b057336 100644
--- a/ssh.1
+++ b/ssh.1
@@ -1454,7 +1454,6 @@ if an error occurred.
 .Xr ssh-argv0 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
-.Xr ssh-vulnkey 1 ,
 .Xr tun 4 ,
 .Xr hosts.equiv 5 ,
 .Xr ssh_config 5 ,
diff --git a/ssh.c b/ssh.c
index 219a46677..550288919 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1525,7 +1525,7 @@ ssh_session2(void)
 static void
 load_public_identity_files(void)
 {
-        char *filename, *cp, thishost[NI_MAXHOST], *fp;
+        char *filename, *cp, thishost[NI_MAXHOST];
         char *pwdir = NULL, *pwname = NULL;
         int i = 0;
         Key *public;
@@ -1583,22 +1583,6 @@ load_public_identity_files(void)
                 public = key_load_public(filename, NULL);
                 debug("identity file %s type %d", filename,
                     public ? public->type : -1);
-                if (public && blacklisted_key(public, &fp) == 1) {
-                        if (options.use_blacklisted_keys)
-                                logit("Public key %s blacklisted (see "
-                                    "ssh-vulnkey(1)); continuing anyway", fp);
-                        else
-                                logit("Public key %s blacklisted (see "
-                                    "ssh-vulnkey(1)); refusing to send it",
-                                    fp);
-                        free(fp);
-                        if (!options.use_blacklisted_keys) {
-                                key_free(public);
-                                free(filename);
-                                filename = NULL;
-                                public = NULL;
-                        }
-                }
                 free(options.identity_files[i]);
                 identity_files[n_ids] = filename;
                 identity_keys[n_ids] = public;
diff --git a/ssh_config.5 b/ssh_config.5
index 127540a60..01e7b6f23 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1269,23 +1269,6 @@ is not specified, it defaults to
 .Dq any .
 The default is
 .Dq any:any .
-.It Cm UseBlacklistedKeys
-Specifies whether
-.Xr ssh 1
-should use keys recorded in its blacklist of known-compromised keys (see
-.Xr ssh-vulnkey 1 )
-for authentication.
-If
-.Dq yes ,
-then attempts to use compromised keys for authentication will be logged but
-accepted.
-It is strongly recommended that this be used only to install new authorized
-keys on the remote system, and even then only with the utmost care.
-If
-.Dq no ,
-then attempts to use compromised keys for authentication will be prevented.
-The default is
-.Dq no .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
diff --git a/sshconnect2.c b/sshconnect2.c
index 93818c991..0b13530ce 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1491,8 +1491,6 @@ pubkey_prepare(Authctxt *authctxt)
 
         /* list of keys stored in the filesystem and PKCS#11 */
         for (i = 0; i < options.num_identity_files; i++) {
-                if (options.identity_files[i] == NULL)
-                        continue;
                 key = options.identity_keys[i];
                 if (key && key->type == KEY_RSA1)
                         continue;
@@ -1610,7 +1608,7 @@ userauth_pubkey(Authctxt *authctxt)
                         debug("Offering %s public key: %s", key_type(id->key),
                             id->filename);
                         sent = send_pubkey_test(authctxt, id);
-                } else if (id->key == NULL && id->filename) {
+                } else if (id->key == NULL) {
                         debug("Trying private key: %s", id->filename);
                         id->key = load_identity_file(id->filename,
                             id->userprovided);
diff --git a/sshd.8 b/sshd.8
index b91f08cff..8e4017b4e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -957,7 +957,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
-.Xr ssh-vulnkey 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
 .Xr moduli 5 ,
diff --git a/sshd.c b/sshd.c
index 72e9eaf47..fd7f182a4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1689,11 +1689,6 @@ main(int ac, char **av)
                         sensitive_data.host_pubkeys[i] = NULL;
                         continue;
                 }
-                if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
-                        sensitive_data.host_keys[i] = NULL;
-                        sensitive_data.host_pubkeys[i] = NULL;
-                        continue;
-                }
 
                 switch (keytype) {
                 case KEY_RSA1:
diff --git a/sshd_config.5 b/sshd_config.5
index faf93fc90..ca4cb193a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -916,20 +916,6 @@ are refused if the number of unauthenticated connections reaches
 Specifies whether password authentication is allowed.
 The default is
 .Dq yes .
-.It Cm PermitBlacklistedKeys
-Specifies whether
-.Xr sshd 8
-should allow keys recorded in its blacklist of known-compromised keys (see
-.Xr ssh-vulnkey 1 ) .
-If
-.Dq yes ,
-then attempts to authenticate with compromised keys will be logged but
-accepted.
-If
-.Dq no ,
-then attempts to authenticate with compromised keys will be rejected.
-The default is
-.Dq no .
 .It Cm PermitEmptyPasswords
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.