One of the nasty things about the recent OpenSSH vulnerability is that it affects non-debian systems, too.
Thankfully the script to find the bad keys was written in Perl. With a bit of back-porting, I managed to get it to work with perl 5.6.1, and thanks to the magic of Module::Install, I have made a tarball which includes the dependencies of the debian-published script and uploaded to CPAN as Dowse::BadSSH.
Unlike the published script, the updated dowkd.pl is capable of removing bad keys and checks more places on the system, such as known_hosts files and the system host key.
Portability patches more than welcomed.
Yes, I realise I probably should have based my work off the upstream sources
Also available from utsl.gen.nz. Note there were not one but two brown paper bag releases for this. You want at least version 0.04 to safely use the '-r' option.