Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

mugwumpjism (1871)

mugwumpjism
  (email not shown publicly)
http://utsl.gen.nz/

Journal of mugwumpjism (1871)

Thursday May 15, 2008
08:26 PM

Dowse::BadSSH on CPAN

[ #36436 ]

One of the nasty things about the recent OpenSSH vulnerability is that it affects non-debian systems, too.

Thankfully the script to find the bad keys was written in Perl. With a bit of back-porting, I managed to get it to work with perl 5.6.1, and thanks to the magic of Module::Install, I have made a tarball which includes the dependencies of the debian-published script and uploaded to CPAN as Dowse::BadSSH.

Unlike the published script, the updated dowkd.pl is capable of removing bad keys and checks more places on the system, such as known_hosts files and the system host key.

Portability patches more than welcomed.

Yes, I realise I probably should have based my work off the upstream sources

Also available from utsl.gen.nz. Note there were not one but two brown paper bag releases for this. You want at least version 0.04 to safely use the '-r' option.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • This is a little confusing to install via the CPAN shell because you can't just say "install Dowse::BadSSH". Instead, I had to say "install SAMV/Dowse-BadSSH-0.07.tar.gz"

    I recommend that you add a trivial .pm to the file with a tiny bit of POD explaining the purpose of the tool.