1 files changed, 387 insertions, 0 deletions
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
new file mode 100644
index 000000000..f8125e0bb
--- /dev/null
+++ b/ssh-vulnkey.c
@@ -0,0 +1,387 @@
+/*
+ * Copyright (c) 2008 Canonical Ltd.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <openssl/evp.h>
+#include "xmalloc.h"
+#include "ssh.h"
+#include "log.h"
+#include "key.h"
+#include "authfile.h"
+#include "pathnames.h"
+#include "uidswap.h"
+#include "misc.h"
+extern char *__progname;
+/* Default files to check */
+static char *default_host_files[] = {
+        _PATH_HOST_RSA_KEY_FILE,
+        _PATH_HOST_DSA_KEY_FILE,
+        _PATH_HOST_KEY_FILE,
+        NULL
+};
+static char *default_files[] = {
+        _PATH_SSH_CLIENT_ID_RSA,
+        _PATH_SSH_CLIENT_ID_DSA,
+        _PATH_SSH_CLIENT_IDENTITY,
+        _PATH_SSH_USER_PERMITTED_KEYS,
+        _PATH_SSH_USER_PERMITTED_KEYS2,
+        NULL
+};
+static int verbosity = 0;
+static int some_keys = 0;
+static int some_unknown = 0;
+static int some_compromised = 0;
+static void
+usage(void)
+{
+        fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
+        fprintf(stderr, "Options:\n");
+        fprintf(stderr, "  -a          Check keys of all users.\n");
+        fprintf(stderr, "  -q          Quiet mode.\n");
+        fprintf(stderr, "  -v          Verbose mode.\n");
+        exit(1);
+}
+static void
+describe_key(const char *filename, u_long linenum, const char *msg,
+    Key *key, const char *comment, int min_verbosity)
+{
+        char *fp;
+        fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+        if (verbosity >= min_verbosity) {
+                if (strchr(filename, ':'))
+                        printf("\"%s\"", filename);
+                else
+                        printf("%s", filename);
+                printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
+                    key_type(key), key_size(key), fp, comment);
+        }
+        xfree(fp);
+}
+static int
+do_key(const char *filename, u_long linenum,
+    Key *key, const char *comment)
+{
+        Key *public;
+        int blacklist_status;
+        int ret = 1;
+        some_keys = 1;
+        public = key_demote(key);
+        if (public->type == KEY_RSA1)
+                public->type = KEY_RSA;
+        blacklist_status = blacklisted_key(public, NULL);
+        if (blacklist_status == -1) {
+                describe_key(filename, linenum,
+                    "Unknown (blacklist file not installed)", key, comment, 0);
+                some_unknown = 1;
+        } else if (blacklist_status == 1) {
+                describe_key(filename, linenum,
+                    "COMPROMISED", key, comment, 0);
+                some_compromised = 1;
+                ret = 0;
+        } else
+                describe_key(filename, linenum,
+                    "Not blacklisted", key, comment, 1);
+        key_free(public);
+        return ret;
+}
+static int
+do_filename(const char *filename, int quiet_open)
+{
+        FILE *f;
+        char line[SSH_MAX_PUBKEY_BYTES];
+        char *cp;
+        u_long linenum = 0;
+        Key *key;
+        char *comment = NULL;
+        int found = 0, ret = 1;
+        /* Copy much of key_load_public's logic here so that we can read
+         * several keys from a single file (e.g. authorized_keys).
+         */
+        if (strcmp(filename, "-") != 0) {
+                int save_errno;
+                f = fopen(filename, "r");
+                save_errno = errno;
+                if (!f) {
+                        char pubfile[MAXPATHLEN];
+                        if (strlcpy(pubfile, filename, sizeof pubfile) <
+                            sizeof(pubfile) &&
+                            strlcat(pubfile, ".pub", sizeof pubfile) <
+                            sizeof(pubfile))
+                                f = fopen(pubfile, "r");
+                }
+                errno = save_errno; /* earlier errno is more useful */
+                if (!f) {
+                        if (!quiet_open)
+                                perror(filename);
+                        return -1;
+                }
+                if (verbosity > 0)
+                        printf("# %s\n", filename);
+        } else
+                f = stdin;
+        while (read_keyfile_line(f, filename, line, sizeof(line),
+                    &linenum) != -1) {
+                int i;
+                char *space;
+                int type;
+                char *end;
+                /* Chop trailing newline. */
+                i = strlen(line) - 1;
+                if (line[i] == '\n')
+                        line[i] = '\0';
+                /* Skip leading whitespace, empty and comment lines. */
+                for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+                        ;
+                if (!*cp || *cp == '\n' || *cp == '#')
+                        continue;
+                /* Cope with ssh-keyscan output and options in
+                 * authorized_keys files.
+                 */
+                space = strchr(cp, ' ');
+                if (!space)
+                        continue;
+                *space = '\0';
+                type = key_type_from_name(cp);
+                *space = ' ';
+                /* Leading number (RSA1) or valid type (RSA/DSA) indicates
+                 * that we have no host name or options to skip.
+                 */
+                if ((strtol(cp, &end, 10) == 0 || *end != ' ') &&
+                    type == KEY_UNSPEC) {
+                        int quoted = 0;
+                        for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                                if (*cp == '\\' && cp[1] == '"')
+                                        cp++;   /* Skip both */
+                                else if (*cp == '"')
+                                        quoted = !quoted;
+                        }
+                        /* Skip remaining whitespace. */
+                        for (; *cp == ' ' || *cp == '\t'; cp++)
+                                ;
+                        if (!*cp)
+                                continue;
+                }
+                /* Read and process the key itself. */
+                key = key_new(KEY_RSA1);
+                if (key_read(key, &cp) == 1) {
+                        while (*cp == ' ' || *cp == '\t')
+                                cp++;
+                        if (!do_key(filename, linenum,
+                            key, *cp ? cp : filename))
+                                ret = 0;
+                        found = 1;
+                } else {
+                        key_free(key);
+                        key = key_new(KEY_UNSPEC);
+                        if (key_read(key, &cp) == 1) {
+                                while (*cp == ' ' || *cp == '\t')
+                                        cp++;
+                                if (!do_key(filename, linenum,
+                                    key, *cp ? cp : filename))
+                                        ret = 0;
+                                found = 1;
+                        }
+                }
+                key_free(key);
+        }
+        if (f != stdin)
+                fclose(f);
+        if (!found && filename) {
+                key = key_load_public(filename, &comment);
+                if (key) {
+                        if (!do_key(filename, 1, key, comment))
+                                ret = 0;
+                        found = 1;
+                }
+                if (comment)
+                        xfree(comment);
+        }
+        return ret;
+}
+static int
+do_host(int quiet_open)
+{
+        int i;
+        struct stat st;
+        int ret = 1;
+        for (i = 0; default_host_files[i]; i++) {
+                if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
+                        continue;
+                if (!do_filename(default_host_files[i], quiet_open))
+                        ret = 0;
+        }
+        return ret;
+}
+static int
+do_user(const char *dir)
+{
+        int i;
+        char *file;
+        struct stat st;
+        int ret = 1;
+        for (i = 0; default_files[i]; i++) {
+                xasprintf(&file, "%s/%s", dir, default_files[i]);
+                if (stat(file, &st) < 0 && errno == ENOENT) {
+                        xfree(file);
+                        continue;
+                }
+                if (!do_filename(file, 0))
+                        ret = 0;
+                xfree(file);
+        }
+        return ret;
+}
+int
+main(int argc, char **argv)
+{
+        int opt, all_users = 0;
+        int ret = 1;
+        extern int optind;
+        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+        sanitise_stdfd();
+        __progname = ssh_get_progname(argv[0]);
+        SSLeay_add_all_algorithms();
+        log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+        /* We don't need the RNG ourselves, but symbol references here allow
+         * ld to link us properly.
+         */
+        seed_rng();
+        while ((opt = getopt(argc, argv, "ahqv")) != -1) {
+                switch (opt) {
+                case 'a':
+                        all_users = 1;
+                        break;
+                case 'q':
+                        verbosity--;
+                        break;
+                case 'v':
+                        verbosity++;
+                        break;
+                case 'h':
+                default:
+                        usage();
+                }
+        }
+        if (all_users) {
+                struct passwd *pw;
+                if (!do_host(0))
+                        ret = 0;
+                while ((pw = getpwent()) != NULL) {
+                        if (pw->pw_dir) {
+                                temporarily_use_uid(pw);
+                                if (!do_user(pw->pw_dir))
+                                        ret = 0;
+                                restore_uid();
+                        }
+                }
+        } else if (optind == argc) {
+                struct passwd *pw;
+                if (!do_host(1))
+                        ret = 0;
+                if ((pw = getpwuid(geteuid())) == NULL)
+                        fprintf(stderr, "No user found with uid %u\n",
+                            (u_int)geteuid());
+                else {
+                        if (!do_user(pw->pw_dir))
+                                ret = 0;
+                }
+        } else {
+                while (optind < argc)
+                        if (!do_filename(argv[optind++], 0))
+                                ret = 0;
+        }
+        if (verbosity >= 0) {
+                if (some_unknown) {
+                        printf("#\n");
+                        printf("# The status of some keys on your system is unknown.\n");
+                        printf("# You may need to install additional blacklist files.\n");
+                }
+                if (some_compromised) {
+                        printf("#\n");
+                        printf("# Some keys on your system have been compromised!\n");
+                        printf("# You must replace them using ssh-keygen(1).\n");
+                }
+                if (some_unknown || some_compromised) {
+                        printf("#\n");
+                        printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
+                } else if (some_keys && verbosity > 0) {
+                        printf("#\n");
+                        printf("# No blacklisted keys!\n");
+                }
+        }
+        return ret;
+}

diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c new file mode 100644 index 000000000..f8125e0bb --- /dev/null +++ b/ssh-vulnkey.c
@@ -0,0 +1,387 @@
	1	/*
	2	* Copyright (c) 2008 Canonical Ltd. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	#include "includes.h"
	26
	27	#include <sys/types.h>
	28	#include <sys/stat.h>
	29
	30	#include <errno.h>
	31	#include <string.h>
	32	#include <stdio.h>
	33	#include <fcntl.h>
	34	#include <unistd.h>
	35
	36	#include <openssl/evp.h>
	37
	38	#include "xmalloc.h"
	39	#include "ssh.h"
	40	#include "log.h"
	41	#include "key.h"
	42	#include "authfile.h"
	43	#include "pathnames.h"
	44	#include "uidswap.h"
	45	#include "misc.h"
	46
	47	extern char *__progname;
	48
	49	/* Default files to check */
	50	static char *default_host_files[] = {
	51	_PATH_HOST_RSA_KEY_FILE,
	52	_PATH_HOST_DSA_KEY_FILE,
	53	_PATH_HOST_KEY_FILE,
	54	NULL
	55	};
	56	static char *default_files[] = {
	57	_PATH_SSH_CLIENT_ID_RSA,
	58	_PATH_SSH_CLIENT_ID_DSA,
	59	_PATH_SSH_CLIENT_IDENTITY,
	60	_PATH_SSH_USER_PERMITTED_KEYS,
	61	_PATH_SSH_USER_PERMITTED_KEYS2,
	62	NULL
	63	};
	64
	65	static int verbosity = 0;
	66
	67	static int some_keys = 0;
	68	static int some_unknown = 0;
	69	static int some_compromised = 0;
	70
	71	static void
	72	usage(void)
	73	{
	74	fprintf(stderr, "usage: %s [-aqv] [file ...]\n", __progname);
	75	fprintf(stderr, "Options:\n");
	76	fprintf(stderr, " -a Check keys of all users.\n");
	77	fprintf(stderr, " -q Quiet mode.\n");
	78	fprintf(stderr, " -v Verbose mode.\n");
	79	exit(1);
	80	}
	81
	82	static void
	83	describe_key(const char filename, u_long linenum, const char msg,
	84	Key key, const char comment, int min_verbosity)
	85	{
	86	char *fp;
	87
	88	fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
	89	if (verbosity >= min_verbosity) {
	90	if (strchr(filename, ':'))
	91	printf("\"%s\"", filename);
	92	else
	93	printf("%s", filename);
	94	printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
	95	key_type(key), key_size(key), fp, comment);
	96	}
	97	xfree(fp);
	98	}
	99
	100	static int
	101	do_key(const char *filename, u_long linenum,
	102	Key key, const char comment)
	103	{
	104	Key *public;
	105	int blacklist_status;
	106	int ret = 1;
	107
	108	some_keys = 1;
	109
	110	public = key_demote(key);
	111	if (public->type == KEY_RSA1)
	112	public->type = KEY_RSA;
	113
	114	blacklist_status = blacklisted_key(public, NULL);
	115	if (blacklist_status == -1) {
	116	describe_key(filename, linenum,
	117	"Unknown (blacklist file not installed)", key, comment, 0);
	118	some_unknown = 1;
	119	} else if (blacklist_status == 1) {
	120	describe_key(filename, linenum,
	121	"COMPROMISED", key, comment, 0);
	122	some_compromised = 1;
	123	ret = 0;
	124	} else
	125	describe_key(filename, linenum,
	126	"Not blacklisted", key, comment, 1);
	127
	128	key_free(public);
	129
	130	return ret;
	131	}
	132
	133	static int
	134	do_filename(const char *filename, int quiet_open)
	135	{
	136	FILE *f;
	137	char line[SSH_MAX_PUBKEY_BYTES];
	138	char *cp;
	139	u_long linenum = 0;
	140	Key *key;
	141	char *comment = NULL;
	142	int found = 0, ret = 1;
	143
	144	/* Copy much of key_load_public's logic here so that we can read
	145	* several keys from a single file (e.g. authorized_keys).
	146	*/
	147
	148	if (strcmp(filename, "-") != 0) {
	149	int save_errno;
	150	f = fopen(filename, "r");
	151	save_errno = errno;
	152	if (!f) {
	153	char pubfile[MAXPATHLEN];
	154	if (strlcpy(pubfile, filename, sizeof pubfile) <
	155	sizeof(pubfile) &&
	156	strlcat(pubfile, ".pub", sizeof pubfile) <
	157	sizeof(pubfile))
	158	f = fopen(pubfile, "r");
	159	}
	160	errno = save_errno; /* earlier errno is more useful */
	161	if (!f) {
	162	if (!quiet_open)
	163	perror(filename);
	164	return -1;
	165	}
	166	if (verbosity > 0)
	167	printf("# %s\n", filename);
	168	} else
	169	f = stdin;
	170	while (read_keyfile_line(f, filename, line, sizeof(line),
	171	&linenum) != -1) {
	172	int i;
	173	char *space;
	174	int type;
	175	char *end;
	176
	177	/* Chop trailing newline. */
	178	i = strlen(line) - 1;
	179	if (line[i] == '\n')
	180	line[i] = '\0';
	181
	182	/* Skip leading whitespace, empty and comment lines. */
	183	for (cp = line; cp == ' ' \|\| cp == '\t'; cp++)
	184	;
	185	if (!cp \|\| cp == '\n' \|\| *cp == '#')
	186	continue;
	187
	188	/* Cope with ssh-keyscan output and options in
	189	* authorized_keys files.
	190	*/
	191	space = strchr(cp, ' ');
	192	if (!space)
	193	continue;
	194	*space = '\0';
	195	type = key_type_from_name(cp);
	196	*space = ' ';
	197	/* Leading number (RSA1) or valid type (RSA/DSA) indicates
	198	* that we have no host name or options to skip.
	199	*/
	200	if ((strtol(cp, &end, 10) == 0 \|\| *end != ' ') &&
	201	type == KEY_UNSPEC) {
	202	int quoted = 0;
	203
	204	for (; cp && (quoted \|\| (cp != ' ' && *cp != '\t')); cp++) {
	205	if (*cp == '\\' && cp[1] == '"')
	206	cp++; /* Skip both */
	207	else if (*cp == '"')
	208	quoted = !quoted;
	209	}
	210	/* Skip remaining whitespace. */
	211	for (; cp == ' ' \|\| cp == '\t'; cp++)
	212	;
	213	if (!*cp)
	214	continue;
	215	}
	216
	217	/* Read and process the key itself. */
	218	key = key_new(KEY_RSA1);
	219	if (key_read(key, &cp) == 1) {
	220	while (cp == ' ' \|\| cp == '\t')
	221	cp++;
	222	if (!do_key(filename, linenum,
	223	key, *cp ? cp : filename))
	224	ret = 0;
	225	found = 1;
	226	} else {
	227	key_free(key);
	228	key = key_new(KEY_UNSPEC);
	229	if (key_read(key, &cp) == 1) {
	230	while (cp == ' ' \|\| cp == '\t')
	231	cp++;
	232	if (!do_key(filename, linenum,
	233	key, *cp ? cp : filename))
	234	ret = 0;
	235	found = 1;
	236	}
	237	}
	238	key_free(key);
	239	}
	240	if (f != stdin)
	241	fclose(f);
	242
	243	if (!found && filename) {
	244	key = key_load_public(filename, &comment);
	245	if (key) {
	246	if (!do_key(filename, 1, key, comment))
	247	ret = 0;
	248	found = 1;
	249	}
	250	if (comment)
	251	xfree(comment);
	252	}
	253
	254	return ret;
	255	}
	256
	257	static int
	258	do_host(int quiet_open)
	259	{
	260	int i;
	261	struct stat st;
	262	int ret = 1;
	263
	264	for (i = 0; default_host_files[i]; i++) {
	265	if (stat(default_host_files[i], &st) < 0 && errno == ENOENT)
	266	continue;
	267	if (!do_filename(default_host_files[i], quiet_open))
	268	ret = 0;
	269	}
	270
	271	return ret;
	272	}
	273
	274	static int
	275	do_user(const char *dir)
	276	{
	277	int i;
	278	char *file;
	279	struct stat st;
	280	int ret = 1;
	281
	282	for (i = 0; default_files[i]; i++) {
	283	xasprintf(&file, "%s/%s", dir, default_files[i]);
	284	if (stat(file, &st) < 0 && errno == ENOENT) {
	285	xfree(file);
	286	continue;
	287	}
	288	if (!do_filename(file, 0))
	289	ret = 0;
	290	xfree(file);
	291	}
	292
	293	return ret;
	294	}
	295
	296	int
	297	main(int argc, char **argv)
	298	{
	299	int opt, all_users = 0;
	300	int ret = 1;
	301	extern int optind;
	302
	303	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
	304	sanitise_stdfd();
	305
	306	__progname = ssh_get_progname(argv[0]);
	307
	308	SSLeay_add_all_algorithms();
	309	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
	310
	311	/* We don't need the RNG ourselves, but symbol references here allow
	312	* ld to link us properly.
	313	*/
	314	seed_rng();
	315
	316	while ((opt = getopt(argc, argv, "ahqv")) != -1) {
	317	switch (opt) {
	318	case 'a':
	319	all_users = 1;
	320	break;
	321	case 'q':
	322	verbosity--;
	323	break;
	324	case 'v':
	325	verbosity++;
	326	break;
	327	case 'h':
	328	default:
	329	usage();
	330	}
	331	}
	332
	333	if (all_users) {
	334	struct passwd *pw;
	335
	336	if (!do_host(0))
	337	ret = 0;
	338
	339	while ((pw = getpwent()) != NULL) {
	340	if (pw->pw_dir) {
	341	temporarily_use_uid(pw);
	342	if (!do_user(pw->pw_dir))
	343	ret = 0;
	344	restore_uid();
	345	}
	346	}
	347	} else if (optind == argc) {
	348	struct passwd *pw;
	349
	350	if (!do_host(1))
	351	ret = 0;
	352
	353	if ((pw = getpwuid(geteuid())) == NULL)
	354	fprintf(stderr, "No user found with uid %u\n",
	355	(u_int)geteuid());
	356	else {
	357	if (!do_user(pw->pw_dir))
	358	ret = 0;
	359	}
	360	} else {
	361	while (optind < argc)
	362	if (!do_filename(argv[optind++], 0))
	363	ret = 0;
	364	}
	365
	366	if (verbosity >= 0) {
	367	if (some_unknown) {
	368	printf("#\n");
	369	printf("# The status of some keys on your system is unknown.\n");
	370	printf("# You may need to install additional blacklist files.\n");
	371	}
	372	if (some_compromised) {
	373	printf("#\n");
	374	printf("# Some keys on your system have been compromised!\n");
	375	printf("# You must replace them using ssh-keygen(1).\n");
	376	}
	377	if (some_unknown \|\| some_compromised) {
	378	printf("#\n");
	379	printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
	380	} else if (some_keys && verbosity > 0) {
	381	printf("#\n");
	382	printf("# No blacklisted keys!\n");
	383	}
	384	}
	385
	386	return ret;
	387	}