ssh-vulnkey overlooks keys which have options in authorized_keys

Reported by Matt Zimmerman on 2008-05-13
Affects           Importance  Assigned to
openssh (Ubuntu)  High        Unassigned
Feisty            Undecided   Jamie Strandboge
Gutsy             Undecided   Jamie Strandboge
Hardy             Undecided   Jamie Strandboge

Bug Description

ssh-vulnkey failed to alert on this key:

command="dovecot -c ~/mail/dovecot.conf --exec-mail imap",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqDA3EME8AgthQ7rnEhNSlmJmsdN7D0H4ImRvA6L9U9DkpOK4WqRksHfqO1YXFc9tgd2krKbfLBpmQuGSudRwDob42TVCgFo/afPgnEkgA6TAvRFJW5D6iZrOxQJH4reps6GPGr8MFhxKMAgJcj+0nYIDw0xhqhL/yR4Cl6QbBNC1r4Gp+eq4pvlg+aN2QRePxTdJf/cKNgXPMUc6dzrzQxhsyD5XK/30AQEd3SpEjQXzHm88I/dThVxknBnKizculI2c9buhPEKVpcemOkyoTFegmtKhlhjVio9DfzVbwMQ+Q+J9RpuBgRp6tPgikYPmNB5dsq5sNYDgdGX47ybWHQ== mdz@potpal

though it is a weak one. Removing the options enabled it to correctly detect the key.

Colin Watson (cjwatson) wrote :

Confirmed, we don't handle key options. (Ugh.)

Changed in openssh:
importance: Undecided → High
status: New → Triaged
Colin Watson (cjwatson) wrote :

I plan to upload the attached diff to Debian unstable and Intrepid. It should be suitable for a further security update as well.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.7p1-10ubuntu1

---------------
openssh (1:4.7p1-10ubuntu1) intrepid; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.

openssh (1:4.7p1-10) unstable; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace.

 -- Colin Watson <email address hidden> Wed, 14 May 2008 13:25:45 +0100

Changed in openssh:
status: Triaged → Fix Released
Changed in openssh:
status: Fix Released → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
Martin Pitt (pitti) on 2008-05-14
Changed in openssh:
status: Fix Committed → Fix Released
Changed in openssh:
assignee: nobody → jdstrand
status: New → Fix Committed
assignee: nobody → jdstrand
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.7p1-8ubuntu1.2

---------------
openssh (1:4.7p1-8ubuntu1.2) hardy-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:32:08 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.6p1-5ubuntu0.5

---------------
openssh (1:4.6p1-5ubuntu0.5) gutsy-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 09:30:52 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:4.3p2-8ubuntu1.4

---------------
openssh (1:4.3p2-8ubuntu1.4) feisty-security; urgency=low

  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson).

 -- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:29:25 -0400

Changed in openssh:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
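
The parsing behaviour described in the changelog entries above, as an added Python example (not code from this bug report or from the openssh package): it skips a leading options field, including quoted values that contain spaces, and treats # as a comment even after leading whitespace. The key blob is constructed, the key-type list and function names are assumptions, and naive_parse is a hypothetical options-unaware parser, not ssh-vulnkey's former code.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # assumption: the key types of that era

def skip_options(line):
    """Index of the first unquoted space or tab, i.e. the end of the options field."""
    i, in_quotes = 0, False
    while i < len(line):
        ch = line[i]
        if in_quotes and ch == "\\" and line[i + 1:i + 2] == '"':
            i += 2  # backslash-escaped quote inside a quoted value
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            break
        i += 1
    return i

def parse_authorized_key(line):
    """Return (options, keytype, blob, comment), or None if the line holds no key."""
    line = line.strip()
    if not line or line.startswith("#"):  # '#' counts even after leading whitespace
        return None
    options = ""
    if line.split(None, 1)[0] not in KEY_TYPES:  # line starts with options
        end = skip_options(line)
        options, line = line[:end], line[end:].lstrip()
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return None
    # The blob starts with a length-prefixed copy of the key type; it must agree.
    if blob[:4 + len(fields[0])] != struct.pack(">I", len(fields[0])) + fields[0].encode():
        return None
    return options, fields[0], blob, fields[2] if len(fields) > 2 else ""

def naive_parse(line):
    """Hypothetical options-unaware parser: expects the key type as the first field."""
    fields = line.split()
    return (fields[0], fields[1]) if len(fields) > 1 and fields[0] in KEY_TYPES else None

# Constructed sample data: the blob is not a real key.
SAMPLE_BLOB = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + b"constructed").decode()
SAMPLE_LINES = [
    "   # comment after leading whitespace",
    f"ssh-rsa {SAMPLE_BLOB} plain@example",
    f'command="dovecot --exec-mail imap",no-pty,no-port-forwarding ssh-rsa {SAMPLE_BLOB} opts@example',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_authorized_key(sample), naive_parse(sample))
```

A key checker built on naive_parse would silently skip the third sample line, which is the failure reported here; parse_authorized_key returns the same blob for it as for the plain line.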