Bug#496495: openssh-client: ssh-vulnkey "see manpage" message is unnecessary
Package: openssh-client
Version: 1:5.1p1-2
Severity: minor
When running ssh-vulnkey -a on a system with no compromised keys, I used
to get no output. I would argue this to be the correct behaviour. Now, however I get
#
# See the ssh-vulnkey(1) manual page for further advice.
which is an entirely superfluous, and even misleading message as it
would seem to suggest there is something wrong that reading the manpage
might explain. Anyone with half a brain operating a Debian system with
ssh enabled should know not only to read this man page, but also the
scores of other information about how to mitigate this vulnerability.
This is also very inconvienient for running ssh-vulnkey -a in cron,
which must now filter out this message so it doesn't email root when
there's nothing wrong.
Kevin
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (600, 'testing'), (400, 'unstable'), (300, 'stable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) (ignored: LC_ALL set to en_GB)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii dpkg 1.14.20 Debian package management system
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libcomerr2 1.41.0-3 common error description library
ii libedit2 2.11~20080614-1 BSD editline and history libraries
ii libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries
ii libncurses5 5.6+20080713-1 shared libraries for terminal hand
ii libssl0.9.8 0.9.8g-13 SSL shared libraries
ii passwd 1:4.1.1-3 change and administer password and
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
Versions of packages openssh-client suggests:
pn keychain <none> (no description available)
pn libpam-ssh <none> (no description available)
pn ssh-askpass <none> (no description available)
-- no debconf information
Reply to: