Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade

To: jidanni@jidanni.org, 483756@bugs.debian.org
Subject: Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 30 May 2008 23:25:19 +0100
Message-id: <[🔎] 20080530222519.GK16645@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 483756@bugs.debian.org
In-reply-to: <[🔎] 87prr3zduz.fsf@jidanni.org>
References: <[🔎] 87prr3zduz.fsf@jidanni.org>

On Sat, May 31, 2008 at 05:22:28AM +0800, jidanni@jidanni.org wrote:
> Package: openssh-client
> Version: 1:4.7p1-12
> Severity: wishlist
> File: /usr/bin/ssh-vulnkey
> X-debbugs-cc: suresh@hserus.net
> 
> Upon the next upgrade of this package, a screen should greet the
> administrator asking him if we shall run ssh-vulnkey -a right now, or
> will he remember to run it later [yes|no]...

I think it's too late to do this now. It might have made sense to do
this with the initial advisory, but now I think it will cause more
confusion than the good it might do.

> Why? Because the average administrator of ones personal machine does
> not know that there are things on his machine that are bad, even if he
> heard there is some SSL crisis and updated the packages in response.

But that's OK; any keys that would be detected by ssh-vulnkey will also
be blacklisted automatically by sshd. Users may need to take individual
action on other machines, but the system itself is secure without them
doing that.

The reason for system administrators to run 'ssh-vulnkey -a' is to help
their users deal with the changes. However, that doesn't justify
"insisting" that the sysadmin run it.

(Did you know about the blacklisting? Your bug suggests that you didn't,
or didn't quite understand what's going on here.)

> Also please emit a message about what action one should take, or tell
> them to see the man page, when bad things are found.

Thanks, I've implemented this. The output on my test system now looks
like this:

  $ sudo ssh-vulnkey -a
  /etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@sarantium
  /home/cjwatson/.ssh/identity:1: Unknown (blacklist file not installed): RSA1 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx cjwatson@riva
  /home/cjwatson/.ssh/authorized_keys:1: Unknown (blacklist file not installed): RSA1 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx cjwatson@riva
  #
  # The status of some keys on your system is unknown.
  # You may need to install additional blacklist files.
  #
  # Some keys on your system have been compromised!
  # You must replace them using ssh-keygen(1).
  #
  # See the ssh-vulnkey(1) manual page for further advice.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
  - From: jidanni@jidanni.org

References:
- Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
  - From: jidanni@jidanni.org

Prev by Date: Bug#483755: openssh-client: ssh-vulnkey from lenny (testing) doesn't work with blacklists from sid
Next by Date: Processed: tagging 483756
Previous by thread: Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
Next by thread: Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
Index(es):
- Date
- Thread