hardy ppc (ports.ubuntu.com) includes broken (old) openssh-client package which only generates comprimized keys.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The version of openssh-client included in hardy for ppc (from ports.ubuntu.com) will only create compromised keys.
Additionally the version on ppc does not even include ssh-vulnkey.
On the ppc machine:
bbogart@ubuntu:~$ dpkg -l openssh-client | grep ^ii
ii openssh-client 1:4.7p1-8ubuntu1 secure shell client, an rlogin/rsh/rcp replacement
bbogart@ubuntu:~$ dpkg -L openssh-client | grep vuln
bbogart@ubuntu:~$
On the x86 machine:
bbogart@aporia:~$ dpkg -l openssh-client | grep ^ii
ii openssh-client 1:4.7p1-8ubuntu1.2 secure shell client, an rlogin/rsh/rcp replacement
bbogart@aporia:~$ dpkg -L openssh-client | grep vuln
/usr/share/
/usr/bin/
Here is the whole testing transaction for key generation on the ppc machine:
bbogart@ubuntu:~$ uname -a
Linux ubuntu 2.6.24-16-powerpc #1 Thu Apr 10 12:48:35 UTC 2008 ppc GNU/Linux
bbogart@ubuntu:~$ ssh-keygen -t rsa -f test
Generating public/private rsa key pair.
test already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in test.
Your public key has been saved in test.pub.
The key fingerprint is:
40:5d:14:
bbogart@ubuntu:~$ scp test.pub aporia:
bbogart@aporia's password:
test.pub 100% 396 0.4KB/s 00:00
bbogart@ubuntu:~$ ssh aporia
bbogart@aporia's password:
Linux aporia 2.6.24-19-rt #1 SMP PREEMPT RT Thu Aug 21 02:08:03 UTC 2008 i686
...
bbogart@aporia:~$ ssh-vulnkey test.pub
COMPROMISED: 2048 40:5d:14:
Should ppc bugs be reported somewhere else? (ports.ubuntu.com specific?)
Thanks,
.b.
Thank you for taking the time to report this bug and helping to make Ubuntu better. This bug did not have a package associated with it, which is important for ensuring that it gets looked at by the proper developers. You can learn more about finding the right package at https:/ /wiki.ubuntu. com/Bugs/ FindRightPackag e . I have classified this bug as a bug in openssh. /wiki.ubuntu. com/ReportingBu gs.
For future reference you might be interested to know that a lot of applications have bug reporting functionality built in to them. This can be accessed via the Report a Problem option in the Help menu for the application with which you are having an issue. You can learn more about this feature at https:/