
Bug#490185: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#490185: openssh-client: openssh-vulnkey does not find compromised keys with 4096 bit keys)



On Thu, Jul 10, 2008 at 07:17:25PM +0200, Christoph Martin wrote:
> Debian Bug Tracking System wrote:
> > On Thu, Jul 10, 2008 at 05:28:19PM +0200, Christoph Martin wrote:
> >> The openssh client and openssh-vulnkey do not check for 4096 bit
> >> compromised keys as the sid version does. So the user will not find
> >> these compromised keys when checking with openssh-vulnkey and the ssh
> >> server will accept connections with these keys.
> >>
> >> Please supply a package like in sid which also checks for 4096 (and
> >> other?) bit keys.
> > 
> > Install the openssh-blacklist-extra package.
> 
> I checked that. It is useful if you have the unstable/testing version of
> openssh-client. The stable openssh-client includes a version of
> ssh-vulnkey which does not use the 4096 bit blacklists.

Err, are you sure? There is no hardcoding of key sizes in ssh-vulnkey;
it uses whatever's available.

What version of openssh-blacklist-extra did you fetch?

-- 
Colin Watson                                       [cjwatson@debian.org]


