Age | Commit message (Collapse) | Author |
|
exception of host keys unless -a was given (thanks, Hugh Daniel).
|
|
|
|
|
|
(thanks, Hugh Daniel).
|
|
that have a blacklist file but that are not listed unless in verbose
mode (thanks, Hugh Daniel).
|
|
#481721).
|
|
|
|
|
|
closes: #480020).
|
|
|
|
closes: #481151).
|
|
glitches (thanks, Petter Reinholdtsen; closes: #481018).
|
|
|
|
#481283).
|
|
(thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
|
|
|
|
|
|
#482341).
|
|
openssh-server.
|
|
|
|
they differ, to defend against recurrences of the recent Debian OpenSSL
vulnerability.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Simon Tatham for the idea.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
|