[Bug 287256] [NEW] hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys.

Launchpad Bug Tracker Sat, 13 Dec 2008 07:55:30 -0800

You have been subscribed to a public bug:

The version of openssh-client included in hardy for ppc (from ports.ubuntu.com) 
will only create compromised keys.
Additionally the version on ppc does not even include ssh-vulnkey.


On the ppc machine:

bbog...@ubuntu:~$ dpkg -l openssh-client | grep ^ii
ii  openssh-client             1:4.7p1-8ubuntu1           secure shell client, 
an rlogin/rsh/rcp replacement
bbog...@ubuntu:~$ dpkg -L openssh-client | grep vuln
bbog...@ubuntu:~$ 


On the x86 machine: 

bbog...@aporia:~$ dpkg -l openssh-client | grep ^ii
ii  openssh-client             1:4.7p1-8ubuntu1.2         secure shell client, 
an rlogin/rsh/rcp replacement
bbog...@aporia:~$ dpkg -L openssh-client | grep vuln
/usr/share/man/man1/ssh-vulnkey.1.gz
/usr/bin/ssh-vulnkey

Here is the whole testing transaction for key generation on the ppc
machine:

bbog...@ubuntu:~$ uname -a
Linux ubuntu 2.6.24-16-powerpc #1 Thu Apr 10 12:48:35 UTC 2008 ppc GNU/Linux
bbog...@ubuntu:~$ ssh-keygen -t rsa -f test
Generating public/private rsa key pair.
test already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in test.
Your public key has been saved in test.pub.
The key fingerprint is:
40:5d:14:f9:b7:b3:2a:4c:05:db:28:62:e0:f1:19:32 bbog...@ubuntu
bbog...@ubuntu:~$ scp test.pub aporia:
bbog...@aporia's password: 
test.pub                                                                        
                 100%  396     0.4KB/s   00:00    
bbog...@ubuntu:~$ ssh aporia
bbog...@aporia's password: 
Linux aporia 2.6.24-19-rt #1 SMP PREEMPT RT Thu Aug 21 02:08:03 UTC 2008 i686
...
bbog...@aporia:~$ ssh-vulnkey test.pub 
COMPROMISED: 2048 40:5d:14:f9:b7:b3:2a:4c:05:db:28:62:e0:f1:19:32 bbog...@ubuntu

Should ppc bugs be reported somewhere else? (ports.ubuntu.com specific?)

Thanks,
.b.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which 
only generates comprimized keys.
https://bugs.launchpad.net/bugs/287256
You received this bug notification because you are a member of Ubuntu Server 
Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 287256] [NEW] hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys.

Reply via email to