[Secure-testing-team] Bug#481853: [openssh-client] "ssh-vulnkey -a" does not see the weak keys of the user
David
david.maillists at gmail.com
Mon May 19 00:03:45 UTC 2008
Package: openssh-client
Version: 1:4.7p1-10
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
--- Please enter the report below this line. ---
I have the packages openssh-blacklist and openssh-blacklist-extra installed.
If I run "ssh-vulnkey -a" I get no output, either by running it as user or
as root.
Nevertheless:
# perl dowkd.pl user
/home/username/.ssh/known_hosts:1: weak key (OpenSSH/rsa/2048)
/home/username/.ssh/known_hosts:2: weak key (OpenSSH/rsa/2048)
summary: keys found: 2, weak keys: 2
I am deleting the file /home/username/.ssh/known_hosts right now, so I am
afraid it will not be available for debugging :-(
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.24-1-686
Debian Release: lenny/sid
990 unstable www.debian-multimedia.org
990 unstable ftp.uk.debian.org
500 stable dl.google.com
500 experimental www.debian-multimedia.org
1 experimental ftp.uk.debian.org
--- Package information. ---
Depends (Version) | Installed
=======================================-+-========================
libc6 (>= 2.7-1) | 2.7-11
libcomerr2 (>= 1.33-3) | 1.40.8-2
libedit2 (>= 2.5.cvs.20010821-1) | 2.9.cvs.20050518-4
libkrb53 (>= 1.6.dfsg.2) | 1.6.dfsg.3-2
libncurses5 (>= 5.6+20071006-3) | 5.6+20080503-1
libssl0.9.8 (>= 0.9.8g-9) | 0.9.8g-10
zlib1g (>= 1:1.1.4) | 1:1.2.3.3.dfsg-12
debconf (>= 1.2.0) | 1.5.22
OR debconf-2.0 |
adduser (>= 3.10) | 3.107
dpkg (>= 1.7.0) | 1.14.19
passwd | 1:4.1.1-1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080519/98ded5a0/attachment.htm
More information about the Secure-testing-team
mailing list