
Bug#490185: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#490185: openssh-client: openssh-vulnkey does not find compromised keys with 4096 bit keys)



reopen 490185
reassign 490185 openssh-blacklist
severity 490185 important
retitle 490185 openssh-blacklist: please backport -extra for stable users
thanks

On Fri, Jul 11, 2008 at 10:02:16AM +0200, Christoph Martin wrote:
> Colin Watson wrote:
> > On Thu, Jul 10, 2008 at 07:17:25PM +0200, Christoph Martin wrote:
> >> I checked that. It is useful if you have the unstable/testing version of
> >> openssh-client. The stable openssh-client includes a version of
> >> ssh-vulnkey which does not use the 4096 bit blacklists.
> > 
> > Err, are you sure? There is no hardcoding of key sizes in ssh-vulnkey;
> > it uses whatever's available.
> > 
> > What version of openssh-blacklist-extra did you fetch?
[...]
> openssh-blacklist-extra:
>   Installiert:0.4.1
>   Mögliche Pakete:0.4.1
>   Versions-Tabelle:
>  *** 0.4.1 0
>          70 http://ftp.de.debian.org testing/main Packages
>          50 http://ftp.de.debian.org unstable/main Packages
>          70 http://yoda.verwaltung.uni-mainz.de testing/main Packages
>          50 http://yoda.verwaltung.uni-mainz.de unstable/main Packages
>         100 /var/lib/dpkg/status
> 
> ssh-vulnkey from stable/security does not search in
> /usr/share/ssh/blacklist where openssh-blacklist-extra places the lists.

Right, the testing/unstable version won't work; one targeted at stable
would have to put them in /etc/ssh.

> There is no stable/security version of openssh-blacklist-extra

Ah, well, that's not an openssh bug. Kees, can we get
openssh-blacklist-extra into stable-security, please?

-- 
Colin Watson                                       [cjwatson@debian.org]


