ssh-vulnkey overlooks keys which have options in authorized_keys

Bug #230029 reported by Matt Zimmerman
Affects           Status        Importance  Assigned to       Milestone
openssh (Ubuntu)  Fix Released  High        Unassigned
Feisty            Fix Released  Undecided   Jamie Strandboge
Gutsy             Fix Released  Undecided   Jamie Strandboge
Hardy             Fix Released  Undecided   Jamie Strandboge

Bug Description

ssh-vulnkey failed to alert on this key:

command="dovecot -c ~/mail/dovecot.conf --exec-mail imap",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqDA3EME8AgthQ7rnEhNSlmJmsdN7D0H4ImRvA6L9U9DkpOK4WqRksHfqO1YXFc9tgd2krKbfLBpmQuGSudRwDob42TVCgFo/afPgnEkgA6TAvRFJW5D6iZrOxQJH4reps6GPGr8MFhxKMAgJcj+0nYIDw0xhqhL/yR4Cl6QbBNC1r4Gp+eq4pvlg+aN2QRePxTdJf/cKNgXPMUc6dzrzQxhsyD5XK/30AQEd3SpEjQXzHm88I/dThVxknBnKizculI2c9buhPEKVpcemOkyoTFegmtKhlhjVio9DfzVbwMQ+Q+J9RpuBgRp6tPgikYPmNB5dsq5sNYDgdGX47ybWHQ== mdz@potpal

though it is a weak one. Removing the options enabled it to correctly detect the key.

Colin Watson (cjwatson) wrote :

Confirmed, we don't handle key options. (Ugh.)

Changed in openssh:
importance: Undecided → High
status: New → Triaged
Colin Watson (cjwatson) wrote :

I plan to upload the attached diff to Debian unstable and Intrepid. It should be suitable for a further security update as well.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.7p1-10ubuntu1

---------------
openssh (1:4.7p1-10ubuntu1) intrepid; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.

openssh (1:4.7p1-10) unstable; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace.

 -- Colin Watson <email address hidden> Wed, 14 May 2008 13:25:45 +0100

Changed in openssh:
status: Triaged → Fix Released
Changed in openssh:
status: Fix Released → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
Martin Pitt (pitti)
Changed in openssh:
status: Fix Committed → Fix Released
Changed in openssh:
assignee: nobody → jdstrand
status: New → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.7p1-8ubuntu1.2

---------------
openssh (1:4.7p1-8ubuntu1.2) hardy-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:32:08 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.6p1-5ubuntu0.5

---------------
openssh (1:4.6p1-5ubuntu0.5) gutsy-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 09:30:52 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.3p2-8ubuntu1.4

---------------
openssh (1:4.3p2-8ubuntu1.4) feisty-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson).

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:29:25 -0400

Changed in openssh:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
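
The parsing problem in this report, shown as an added Python example. It is not ssh-vulnkey's code and not the diff attached to the bug. It skips a leading options field (quoted values may contain spaces and commas), treats # as a comment even after whitespace, and looks each key up in a caller-supplied set. Assumptions: weak keys are identified by the MD5 digest of the decoded key blob, the names split_options, parse_line and audit are hypothetical, and the sample blobs are constructed placeholders.

```python
import base64
import hashlib
KEY_TYPES = ("ssh-rsa", "ssh-dss")  # assumption: key types of interest in 2008

def split_options(line):
    """Split off the leading options field; whitespace inside "..." does not end it."""
    i, quoted = 0, False
    while i < len(line):
        if quoted and line.startswith('\\"', i):  # escaped quote inside a quoted value
            i += 2
            continue
        if line[i] == '"':
            quoted = not quoted
        elif line[i] in " \t" and not quoted:
            break
        i += 1
    return line[:i], line[i:].lstrip()

def parse_line(line):
    """Return (options, keytype, md5_hex_of_blob), or None for comments and junk."""
    line = line.strip()
    if not line or line.startswith("#"):  # '#' counts even after leading whitespace
        return None
    options, rest = "", line
    if line.split()[0] not in KEY_TYPES:  # first field is not a key type: options
        options, rest = split_options(line)
    fields = rest.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:  # malformed base64: not a usable key line
        return None
    return options, fields[0], hashlib.md5(blob).hexdigest()

def audit(text, weak_fingerprints):
    """Return (line_number, options, fingerprint) for every key in weak_fingerprints."""
    parsed = ((n, parse_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, p[0], p[2]) for n, p in parsed if p and p[2] in weak_fingerprints]

# Constructed sample input: these blobs are placeholders, not real keys.
WEAK = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa constructed weak").decode()
GOOD = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa constructed good").decode()
SAMPLE = "\n".join([
    "  # indented comment",
    "ssh-rsa " + GOOD + " alice@example",
    'command="imapd -c ~/mail.conf",no-pty,no-port-forwarding ssh-rsa ' + WEAK + " bob@example",
    'command="echo \\"hi there\\"" ssh-rsa ' + WEAK + " carol@example",
])
```

A scanner that takes the first whitespace-separated field as the key type sees `command="imapd` on line 3 of the sample and skips the key, which is the miss described in this report.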