
Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade



CW> But that's OK; any keys that would be detected by ssh-vulnkey will also
CW> be blacklisted automatically by sshd.

Well all I know is that I do my sid upgrades, and my friends emailed
me to tell me I had things needing replacing on their machines.

I don't run sshd but often use ssh...

CW> (Did you know about the blacklisting? Your bug suggests that you didn't,
CW> or didn't quite understand what's going on here.)

(Actually I purposely don't research too far into it. This allows me to
give you the rare voice from the dumbest user (but still knows how to
use the BTS) point of view. Indeed, I bet Windows users have some
wizard program to set up their first ~/.ssh/* much easier than we GNU/Linux
users who have to go reading instructions from man pages.)

All I know is "usual security upgrade routine... done. Check
apt-listchanges for anything with lots of asterisks etc... done"

>> Also please emit a message about what action one should take, or tell
>> them to see the man page, when bad things are found.

CW> Thanks, I've implemented this.

CW>   # Some keys on your system have been compromised!
CW>   # You must replace them using ssh-keygen(1).
CW>   #
CW>   # See the ssh-vulnkey(1) manual page for further advice.

OK, I suppose that's good but of course I'm no expert.
Wait, also mention the importance of cleaning up keys that one has put
on remote machines as well as this machine. Also say it on the man
page.

Indeed my friend told me to replace all my keys on his machine, which
I did.

Then the next week he told me I had replaced them with compromised
keys... indeed, I just copied them from machine C to machine B,
without ever thinking about regenerating them first.

So fortunately some users are as dumb as me here, else you wouldn't
know the magnitude of the education problem.

Indeed, education won't work anyway, as e.g., I have to read all the
ssh man pages all over again whenever I want to make a new remote
machine not need a password to login.

OK, thanks for adding more instructions and warnings.
Maybe at least add something to the apt-listchanges news stuff with
lots of asterisks saying root should do ssh-vulnkey -a and then what
to do if something is detected.


