Hi, thanks for the report. Note that openssh-vulnkey can be aimed at
specific files to check them. As for education, I think Ubuntu has
already taken drastic measures to inform users of the need to replace
the old keys (SSH won't even accept them any more).
** Changed in: openssh (Ubuntu)
A
There are already scripts to exploits servers that where used via pubkey by
ubuntu/debian users (
http://packetstormsecurity.org/0805-exploits/debian-sploit.txt )
I really think now would be a time to at least extend the warning
message to inform briefly about this problem.
--
ssh-vulnkey d
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0166
--
ssh-vulnkey doesnt check all keys. Also, it would be nice to extend the warning
message.
https://bugs.launchpad.net/bugs/230632
You received this bug notification because you are a member of Ubuntu
Server Team, which i
