ssh-vulnkey needs to be backported to Ubuntu 6.06 LTS
Bug #231047 reported by
Zach
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssh (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Vulnerable ssh keys expose systems to attack that don't have the openssl PRNG vulnerability. The vulnerable key scanning tools such as ssh-vulnkey need to be backported to supported releases.
Futher, it would be helpful to make a statically compiled version downloadable via http so non debian/ubuntu administrators can scan their systems' authorized_keys and other files for vulnerable keys introduced by debian/ubuntu users.
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
To post a comment you must log in.
Thank you for using Ubuntu and taking the time to report a bug. This was fixed in http://