Package: libssh-4 Version: 0.5.2-1 Severity: normal Dear Maintainer,
When looking for known hosts, libssh opens the per-user ~/.ssh/known_hosts, but not the system-wide /etc/ssh/ssh_known_hosts (documented in sshd(8)). This has obvious negative security implications since users can't benefit from the fingerprint certifications done by the sysadmin. Regards, -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssh-4 depends on: ii libc6 2.13-35 ii libssl1.0.0 1.0.1c-4 ii multiarch-support 2.13-35 ii zlib1g 1:1.2.7.dfsg-13 libssh-4 recommends no packages. libssh-4 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
