There are already scripts to exploits servers that where used via pubkey by ubuntu/debian users ( http://packetstormsecurity.org/0805-exploits/debian-sploit.txt )
I really think now would be a time to at least extend the warning message to inform briefly about this problem. -- ssh-vulnkey doesnt check all keys. Also, it would be nice to extend the warning message. https://bugs.launchpad.net/bugs/230632 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
