Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-05-26 | Add key type to ssh-vulnkey output. | Colin Watson | |
2008-05-26 | Document ssh-vulnkey key status descriptions (thanks, Hugh Daniel). | Colin Watson | |
2008-05-25 | Move ssh-vulnkey's exit status documentation to a separate section | Colin Watson | |
(thanks, Hugh Daniel). | |||
2008-05-25 | Add -v (verbose) option to ssh-vulnkey, and don't print output for keys | Colin Watson | |
that have a blacklist file but that are not listed unless in verbose mode (thanks, Hugh Daniel). | |||
2008-05-25 | Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (see | Colin Watson | |
#481283). | |||
2008-05-17 | Check RSA1 keys without the need for a separate blacklist. Thanks to | Colin Watson | |
Simon Tatham for the idea. | |||
2008-05-14 | Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel). | Colin Watson | |
2008-05-12 | * Mitigate OpenSSL security vulnerability: | Colin Watson | |
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.) |