Bug 447075 - RFE: Add the ssh-vulnkey command to detect weak SSH keys
RFE: Add the ssh-vulnkey command to detect weak SSH keys
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-17 13:20 EDT by John Villalovos
Modified: 2015-05-08 09:56 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-20 20:05:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Villalovos 2008-05-17 13:20:42 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

Description of problem:
Due to the issue with Debian and Debian derived systems generating weak keys.  It would be useful to have the ssh-vulnkey application added from Debian.  It might also be useful to consider the blacklist code that they have to.

http://www.debian.org/security/2008/dsa-1571
http://wiki.debian.org/SSLkeys
http://metasploit.com/users/hdm/tools/debian-openssl/

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
If key created on an affected Debian system has been copied to a Fedora system you are affected.

Actual Results:


Expected Results:


Additional info:
Comment 1 Tomas Mraz 2008-05-18 15:32:05 EDT
IMO this should be a completely separate package. I don't see any reason why to
add this kludge into the base openssh source rpm.
I'm willing to review it for you if you submit it for Fedora.
Comment 2 Bill Nottingham 2008-05-19 16:27:12 EDT
Yes, please feel free to submit this for review.
Comment 3 John Villalovos 2008-08-19 12:09:31 EDT
At the moment I don't have the bandwidth to do this.  It would be nice if someone else could.
Comment 4 Jason Tibbitts 2008-10-20 20:05:06 EDT
If there's no package to review, this should certainly not be in the "Package Review" component.

I'm just going to close this.  If someone actually wants to submit a package for review, please open a regular package review ticket.  If someone wants to keep this open, please change the component to something proper so that it doesn't appear in the package review queue.

Note You need to log in before you can comment on or make changes to this bug.