3 files changed, 35 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index b3f7fc49a..a35c39b94 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ openssh (1:6.1p1-2) UNRELEASED; urgency=low
      been long enough since the relevant vulnerability that we shouldn't
      need these installed by default nowadays.
    - Add an Upstart job (not currently used by default in Debian).
+    - Add mention of ssh-keygen in ssh connect warning (Scott Moser).
  * Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
    #694282).
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
new file mode 100644
index 000000000..42b32638c
--- /dev/null
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -0,0 +1,33 @@
+Description: Mention ssh-keygen in ssh fingerprint changed warning
+Author: Scott Moser <smoser@ubuntu.com>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
+Last-Update: 2010-12-14
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -956,9 +956,12 @@
+                        error("%s. This could either mean that", key_msg);
+                        error("DNS SPOOFING is happening or the IP address for the host");
+                        error("and its host key have changed at the same time.");
+-                       if (ip_status != HOST_NEW)
+                       if (ip_status != HOST_NEW) {
+                                error("Offending key for IP in %s:%lu",
+                                    ip_found->file, ip_found->line);
+                               error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                                   ip_found->file, ip);
+                       }
+                }
+                /* The host key has changed. */
+                warn_changed_key(host_key);
+@@ -966,6 +969,8 @@
+                    user_hostfiles[0]);
+                error("Offending %s key in %s:%lu", key_type(host_found->key),
+                    host_found->file, host_found->line);
+               error("  remove with: ssh-keygen -f \"%s\" -R %s",
+                   host_found->file, host);
+ 
+                /*
+                 * If strict host key checking is in use, the user will have
diff --git a/debian/patches/series b/debian/patches/series
index c940d8384..cb6be9a28 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,6 +26,7 @@ scp-quoting.patch
 shell-path.patch
 dnssec-sshfp.patch
 auth-log-verbosity.patch
+mention-ssh-keygen-on-keychange.patch
 # Versioning
 package-versioning.patch

diff --git a/debian/changelog b/debian/changelog index b3f7fc49a..a35c39b94 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -8,6 +8,7 @@ openssh (1:6.1p1-2) UNRELEASED; urgency=low
8	been long enough since the relevant vulnerability that we shouldn't	8	been long enough since the relevant vulnerability that we shouldn't
9	need these installed by default nowadays.	9	need these installed by default nowadays.
10	- Add an Upstart job (not currently used by default in Debian).	10	- Add an Upstart job (not currently used by default in Debian).
		11	- Add mention of ssh-keygen in ssh connect warning (Scott Moser).
11	* Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:	12	* Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
12	#694282).	13	#694282).
13		14


diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch new file mode 100644 index 000000000..42b32638c --- /dev/null +++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -0,0 +1,33 @@
		1	Description: Mention ssh-keygen in ssh fingerprint changed warning
		2	Author: Scott Moser <smoser@ubuntu.com>
		3	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
		4	Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
		5	Last-Update: 2010-12-14
		6
		7	Index: b/sshconnect.c
		8	===================================================================
		9	--- a/sshconnect.c
		10	+++ b/sshconnect.c
		11	@@ -956,9 +956,12 @@
		12	error("%s. This could either mean that", key_msg);
		13	error("DNS SPOOFING is happening or the IP address for the host");
		14	error("and its host key have changed at the same time.");
		15	- if (ip_status != HOST_NEW)
		16	+ if (ip_status != HOST_NEW) {
		17	error("Offending key for IP in %s:%lu",
		18	ip_found->file, ip_found->line);
		19	+ error(" remove with: ssh-keygen -f \"%s\" -R %s",
		20	+ ip_found->file, ip);
		21	+ }
		22	}
		23	/* The host key has changed. */
		24	warn_changed_key(host_key);
		25	@@ -966,6 +969,8 @@
		26	user_hostfiles[0]);
		27	error("Offending %s key in %s:%lu", key_type(host_found->key),
		28	host_found->file, host_found->line);
		29	+ error(" remove with: ssh-keygen -f \"%s\" -R %s",
		30	+ host_found->file, host);
		31
		32	/*
		33	* If strict host key checking is in use, the user will have


diff --git a/debian/patches/series b/debian/patches/series index c940d8384..cb6be9a28 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -26,6 +26,7 @@ scp-quoting.patch
26	shell-path.patch	26	shell-path.patch
27	dnssec-sshfp.patch	27	dnssec-sshfp.patch
28	auth-log-verbosity.patch	28	auth-log-verbosity.patch
		29	mention-ssh-keygen-on-keychange.patch
29		30
30	# Versioning	31	# Versioning
31	package-versioning.patch	32	package-versioning.patch