Re: ssh-vulnkey and authorized_keys

To: Vladislav Kurz <vladislav.kurz@webstep.net>
Cc: debian-security@lists.debian.org
Subject: Re: ssh-vulnkey and authorized_keys
From: Mikko Rapeli <mikko.rapeli@iki.fi>
Date: Thu, 15 May 2008 11:08:58 +0300
Message-id: <[🔎] 20080515080858.GH28655@kapsi.fi>
In-reply-to: <[🔎] 200805150952.10853.vladislav.kurz@webstep.net>
References: <[🔎] 200805150952.10853.vladislav.kurz@webstep.net>

On Thu, May 15, 2008 at 09:52:10AM +0200, Vladislav Kurz wrote:
> It would be also helpful to print the line as dokuwd.pl does.
> Is there any repository with newer versions of ssh-vulnkey or dokuwd.pl ?

Try the Ubuntu version which contains a fixed ssh-vulnkey (
http://www.ubuntu.com/usn/usn-612-5 ):

"Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with
options (such as "no-port-forwarding" or forced commands) were ignored
by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This
could cause some compromised keys not to be listed in ssh-vulnkey's
output."

I think, and hope, Debian openssh packages will be updated too.

-Mikko

Reply to:

Follow-Ups:
- Re: ssh-vulnkey and authorized_keys
  - From: Noah Meyerhans <noahm@debian.org>

References:
- ssh-vulnkey and authorized_keys
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>

Prev by Date: ssh-vulnkey and authorized_keys
Next by Date: Re: ssh-vulnkey and authorized_keys
Previous by thread: ssh-vulnkey and authorized_keys
Next by thread: Re: ssh-vulnkey and authorized_keys
Index(es):
- Date
- Thread