summaryrefslogtreecommitdiff
path: root/ssh-vulnkey.c
AgeCommit message (Collapse)Author
2008-08-25only display "No blacklisted keys!" if there were any keys at allColin Watson
2008-08-25Remove unnecessary ssh-vulnkey output in non-verbose mode when noColin Watson
compromised or unknown keys were found (closes: #496495).
2008-05-30Add some helpful advice to the end of ssh-vulnkey's output if there areColin Watson
unknown or compromised keys (thanks, Dan Jacobson; closes: #483756).
2008-05-26Refactor rejection of blacklisted user keys into a singleColin Watson
reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin).
2008-05-26Reword "Unknown (no blacklist information)" to "Unknown (blacklistColin Watson
file not installed)".
2008-05-26add -v to short usage messageColin Watson
2008-05-26Use EUID rather than UID when run with no file names and without -a.Colin Watson
2008-05-26Drop to the user's UID when reading user keys with -a.Colin Watson
2008-05-26Use xasprintf to build user key file names in ssh-vulnkey, avoidingColin Watson
truncation problems (thanks, Solar Designer).
2008-05-26Handle leading IP addresses in ssh-vulnkey input (LP: #230497).Colin Watson
2008-05-26Make 'ssh-vulnkey -v' output each file name it examines (thanks, HughColin Watson
Daniel).
2008-05-26document -vColin Watson
2008-05-26Fix error output if ssh-vulnkey fails to read key files, with theColin Watson
exception of host keys unless -a was given (thanks, Hugh Daniel).
2008-05-26remove dead variableColin Watson
2008-05-26quote filename if it contains a colonColin Watson
2008-05-26Add key type to ssh-vulnkey output.Colin Watson
2008-05-25Add -v (verbose) option to ssh-vulnkey, and don't print output for keysColin Watson
that have a blacklist file but that are not listed unless in verbose mode (thanks, Hugh Daniel).
2008-05-25Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (seeColin Watson
#481283).
2008-05-25Make ssh-vulnkey report the file name and line number for each keyColin Watson
(thanks, Heiko Schlittermann and Christopher Perry; closes: #481398).
2008-05-17Check RSA1 keys without the need for a separate blacklist. Thanks toColin Watson
Simon Tatham for the idea.
2008-05-14ssh-vulnkey handles options in authorized_keys (LP: #230029).Colin Watson
2008-05-12* Mitigate OpenSSL security vulnerability:Colin Watson
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)