From 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 12 May 2008 23:33:01 +0000
Subject: * Mitigate OpenSSL security vulnerability:   - Add key blacklisting
 support. Keys listed in     /etc/ssh/blacklist.TYPE-LENGTH will be rejected
 for authentication by     sshd, unless "PermitBlacklistedKeys yes" is set in 
    /etc/ssh/sshd_config.   - Add a new program, ssh-vulnkey, which can be
 used to check keys     against these blacklists.   - Depend on
 openssh-blacklist.   - Force dependencies on libssl0.9.8 /
 libcrypto0.9.8-udeb to at least     0.9.8g-9.   - Automatically regenerate
 known-compromised host keys, with a     critical-priority debconf note. (I
 regret that there was no time to     gather translations.)

---
 servconf.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'servconf.h')

diff --git a/servconf.h b/servconf.h
index 257de1c8b..be42e9f60 100644
--- a/servconf.h
+++ b/servconf.h
@@ -94,6 +94,7 @@ typedef struct {
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
 	int     challenge_response_authentication;
+	int     permit_blacklisted_keys;	/* If true, permit */
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     permit_user_env;	/* If true, read ~/.ssh/environment */
-- 
cgit v1.2.3