[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#796599: openssh-client: ssh -G no longer returns "illegal option" (6.0) or "unknown option" (6.7)

Control: reassign -1 chkrootkit
Control: severity -1 important

On Sat, Aug 22, 2015 at 04:37:33PM -0700, Francois Marier wrote:
> Sorry for the alarmist bug report. Hopefully this is a false positive and it
> can be reassigned to chkrootkit, but just in case...
> 
> The "ssh -G" test [1] for Linux  output has changed:
> 
>   on wheezy (openssh 6.0), it was: ssh: illegal option -- G
>   on jessie (openssh 6.7), it was: unknown option -- G
> 
> and now on 6.9, there's nothing except the normal usage info.
> 
> Is this a sign of Linux Ebury? Or (hopefully) a genuine change in the output
> which now invalidates this simple rootkit test?

It is a false positive.  See:

  http://www.openssh.com/txt/release-6.8

(Perhaps an unfortunate choice given Ebury, but maybe there's still some
way to distinguish the two, since the semantics of the new upstream
option are quite different.  "ssh -G <hostname>" will print the
configuration that will be active when connecting to that host.)

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: