| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2008-05-30 | Add some helpful advice to the end of ssh-vulnkey's output if there are | Colin Watson | |
| unknown or compromised keys (thanks, Dan Jacobson; closes: #483756). | |||
| 2008-05-26 | Refactor rejection of blacklisted user keys into a single | Colin Watson | |
| reject_blacklisted_key function in auth.c (thanks, Dmitry V. Levin). | |||
| 2008-05-26 | Reword "Unknown (no blacklist information)" to "Unknown (blacklist | Colin Watson | |
| file not installed)". | |||
| 2008-05-26 | add -v to short usage message | Colin Watson | |
| 2008-05-26 | Use EUID rather than UID when run with no file names and without -a. | Colin Watson | |
| 2008-05-26 | Drop to the user's UID when reading user keys with -a. | Colin Watson | |
| 2008-05-26 | Use xasprintf to build user key file names in ssh-vulnkey, avoiding | Colin Watson | |
| truncation problems (thanks, Solar Designer). | |||
| 2008-05-26 | Handle leading IP addresses in ssh-vulnkey input (LP: #230497). | Colin Watson | |
| 2008-05-26 | Make 'ssh-vulnkey -v' output each file name it examines (thanks, Hugh | Colin Watson | |
| Daniel). | |||
| 2008-05-26 | document -v | Colin Watson | |
| 2008-05-26 | Fix error output if ssh-vulnkey fails to read key files, with the | Colin Watson | |
| exception of host keys unless -a was given (thanks, Hugh Daniel). | |||
| 2008-05-26 | remove dead variable | Colin Watson | |
| 2008-05-26 | quote filename if it contains a colon | Colin Watson | |
| 2008-05-26 | Add key type to ssh-vulnkey output. | Colin Watson | |
| 2008-05-25 | Add -v (verbose) option to ssh-vulnkey, and don't print output for keys | Colin Watson | |
| that have a blacklist file but that are not listed unless in verbose mode (thanks, Hugh Daniel). | |||
| 2008-05-25 | Check for blacklists in /usr/share/ssh/ as well as /etc/ssh/ (see | Colin Watson | |
| #481283). | |||
| 2008-05-25 | Make ssh-vulnkey report the file name and line number for each key | Colin Watson | |
| (thanks, Heiko Schlittermann and Christopher Perry; closes: #481398). | |||
| 2008-05-17 | Check RSA1 keys without the need for a separate blacklist. Thanks to | Colin Watson | |
| Simon Tatham for the idea. | |||
| 2008-05-14 | ssh-vulnkey handles options in authorized_keys (LP: #230029). | Colin Watson | |
| 2008-05-12 | * Mitigate OpenSSL security vulnerability: | Colin Watson | |
| - Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.) | |||
 |
index : openssh.git | |
| summaryrefslogtreecommitdiff |
path: root/ssh-vulnkey.c