On Thu, Jul 10, 2008 at 07:17:25PM +0200, Christoph Martin wrote:
> Debian Bug Tracking System wrote:
> > On Thu, Jul 10, 2008 at 05:28:19PM +0200, Christoph Martin wrote:
> >> The openssh client and openssh-vulnkey do not check for 4096 bit
> >> compromised keys as the sid version does. So the user will not find
> >> these compromised keys when checking with openssh-vulnkey and the ssh
> >> server will accept connections with these keys.
> >>
> >> Please supply a package like in sid which also checks for 4096 (and
> >> other?) bit keys.
> >
> > Install the openssh-blacklist-extra package.
>
> I checked that. It is useful if you have the unstable/testing version of
> openssh-client. The stable openssh-client includes a version of
> ssh-vulnkey which does not use the 4096 bit blacklists.

Err, are you sure? There is no hardcoding of key sizes in ssh-vulnkey; it
uses whatever's available. What version of openssh-blacklist-extra did
you fetch?

--
Colin Watson [EMAIL PROTECTED]