
Bug#496495: openssh-client: ssh-vulnkey "see manpage" message is unnecessary



Package: openssh-client
Version: 1:5.1p1-2
Severity: minor


When running ssh-vulnkey -a on a system with no compromised keys, I used
to get no output. I would argue this to be the correct behaviour. Now, however, I get

#
# See the ssh-vulnkey(1) manual page for further advice.

which is an entirely superfluous, and even misleading, message as it
would seem to suggest there is something wrong that reading the manpage
might explain. Anyone with half a brain operating a Debian system with
ssh enabled should know not only to read this man page, but also the
scores of other information about how to mitigate this vulnerability.

This is also very inconvenient for running ssh-vulnkey -a in cron,
which must now filter out this message so it doesn't email root when
there's nothing wrong.

Kevin


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (600, 'testing'), (400, 'unstable'), (300, 'stable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser               3.108              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22             Debian configuration management sy
ii  dpkg                  1.14.20            Debian package management system
ii  libc6                 2.7-13             GNU C Library: Shared libraries
ii  libcomerr2            1.41.0-3           common error description library
ii  libedit2              2.11~20080614-1    BSD editline and history libraries
ii  libkrb53              1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries
ii  libncurses5           5.6+20080713-1     shared libraries for terminal hand
ii  libssl0.9.8           0.9.8g-13          SSL shared libraries
ii  passwd                1:4.1.1-3          change and administer password and
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                      <none>     (no description available)
pn  libpam-ssh                    <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- no debconf information


