Package: openssh-client Version: 1:4.3p2-9etch1 Severity: normal
The ssh-vulnkey program does not report which file a bad key was found in, making it tedious to locate offending keys. The attached patch adds the filename to the output of the ssh-vulnkey command. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.21 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openssh-client depends on: ii add 3.102 Add and remove users and groups ii deb 1.5.11etch1 Debian configuration management sy ii dpk 1.13.25 package maintenance system for Deb ii lib 2.3.6.ds1-13etch5 GNU C Library: Shared libraries ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library ii lib 2.9.cvs.20050518-2.2 BSD editline and history libraries ii lib 1.4.4-7etch5 MIT Kerberos runtime libraries ii lib 5.5-5 Shared libraries for terminal hand ii lib 0.9.8c-4etch3 SSL shared libraries ii pas 1:4.0.18.1-7 change and administer password and ii zli 1:1.2.3-13 compression library - runtime openssh-client recommends no packages. -- no debconf information
--- ssh-vulnkey.c.orig 2008-05-15 15:11:13.000000000 -0400
+++ ssh-vulnkey.c 2008-05-15 15:17:35.000000000 -0400
@@ -73,18 +73,18 @@
 }
 void
-describe_key(const char *msg, const Key *key, const char *comment)
+describe_key(const char *msg, const Key *key, const char *comment, const char *filename)
 {
 char *fp;
 fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
 if (!quiet)
- printf("%s: %u %s %s\n", msg, key_size(key), fp, comment);
+ printf("%s: %u %s %s %s\n", msg, key_size(key), fp, comment, filename);
 xfree(fp);
 }
 int
-do_key(const Key *key, const char *comment)
+do_key(const Key *key, const char *comment, const char *filename)
 {
 char *blacklist_file;
 struct stat st;
@@ -93,12 +93,12 @@
 blacklist_file = blacklist_filename(key);
 if (stat(blacklist_file, &st) < 0)
 describe_key("Unknown (no blacklist information)",
- key, comment);
+ key, comment, filename);
 else if (blacklisted_key(key)) {
- describe_key("COMPROMISED", key, comment);
+ describe_key("COMPROMISED", key, comment, filename);
 ret = 0;
 } else
- describe_key("Not blacklisted", key, comment);
+ describe_key("Not blacklisted", key, comment, filename);
 xfree(blacklist_file);
 return ret;
@@ -170,7 +170,7 @@
 if (*cp) {
 key = key_new(KEY_RSA1);
 if (key_read(key, &cp) == 1) {
- if (!do_key(key, comment))
+ if (!do_key(key, comment, filename))
 ret = 0;
 key_free(key);
 found = 1;
@@ -178,7 +178,7 @@
 key_free(key);
 key = key_new(KEY_UNSPEC);
 if (key_read(key, &cp) == 1) {
- if (!do_key(key, comment))
+ if (!do_key(key, comment, filename))
 ret = 0;
 key_free(key);
 found = 1;
@@ -194,7 +194,7 @@
 if (!found && filename) {
 key = key_load_public(filename, &comment);
 if (key) {
- if (!do_key(key, comment))
+ if (!do_key(key, comment, filename))
 ret = 0;
 found = 1;
 }
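Review bot: In describe_key the new `filename` field is printed after `comment`, and the comment is free text read from the key material, so it can contain spaces or text that looks like a path. Anyone parsing the line then cannot reliably tell where the comment ends and the filename begins. Printing the filename before the comment keeps the first three fields unchanged and leaves the free text as the tail: `printf("%s: %u %s %s %s\n", msg, key_size(key), fp, filename, comment);`. A short comment above describe_key stating the output field order would also help people who script around this tool.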
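Review bot: `filename` is passed to do_key unguarded at the call in the @@ -170 hunk and at the identical one in the @@ -178 hunk, while the @@ -194 hunk's context tests `if (!found && filename)`. That test suggests the enclosing function, which starts and ends outside these hunks, allows a NULL filename. If so, NULL reaches the `%s` in describe_key, which is undefined behaviour. Either substitute a label where it is printed, e.g. `filename ? filename : "(none)"`, or drop the NULL test if filename is known to be non-NULL.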
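Review bot: The key_read call sites in the @@ -178 and @@ -170 hunks parse keys out of a text buffer, so one file presumably yields several keys, and the filename alone then does not say which entry was flagged. If the enclosing loop (outside the hunk) tracks a line counter, passing it to do_key alongside `filename` and printing it would let an operator go straight to the offending line of a multi-key file.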
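Review bot: The key returned by key_load_public in the @@ -194 hunk is not released inside the `if (key)` block shown, whereas both key_read paths call `key_free(key)` after do_key. Unless it is freed after the hunk ends, adding `key_free(key);` before `found = 1;` would make the three call sites consistent.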