[project @ peter@palfrader.org-20080519143522-kstmea5zjg1g5krg]

Fix ssh-dss detection.  It need not be at the start of a line

diff --git a/dsa-nagios-nrpe-config/debian/changelog b/dsa-nagios-nrpe-config/debian/changelog
index fc058a3..d86f43d 100644 (file)
--- a/dsa-nagios-nrpe-config/debian/changelog
+++ b/dsa-nagios-nrpe-config/debian/changelog
@@ -1,3 +1,10 @@
+dsa-nagios-nrpe-config (44) unstable; urgency=low
+
+  * Fix ssh-dss detection.  It need not be at the start of a line
+    (think >from="1.2.3.4" ssh-dss< ...).
+
+ -- Peter Palfrader <weasel@debian.org>  Mon, 19 May 2008 14:34:23 +0000
+
 dsa-nagios-nrpe-config (43) unstable; urgency=low
 
   * Depend on ruby.

diff --git a/dsa-nagios-nrpe-config/weak-ssh-keys-check b/dsa-nagios-nrpe-config/weak-ssh-keys-check
index b257857..68b73b6 100755 (executable)
--- a/dsa-nagios-nrpe-config/weak-ssh-keys-check
+++ b/dsa-nagios-nrpe-config/weak-ssh-keys-check
@@ -194,7 +194,7 @@ sub from_ssh_key_file ($) {
     my $name = shift;
     if (open (my $FH, '<', $name)) {
        my $key = <$FH>; 
-       if ($key =~ m/^ssh-dss/) {
+       if ($key =~ m/ssh-dss/) {
                $dsa_keys++;
                $text .= "$name is a DSA key\n";
        }
@@ -229,7 +229,7 @@ sub from_ssh_auth_file ($) {
        clear_tmp $tmp;
        next if $line =~ m/^$/; # ignore empty lines
        next if $line =~ m/^#/; # ignore comments
-       if ($line =~ m/^ssh-dss/) {
+       if ($line =~ m/ssh-dss/) {
                $dsa_keys++;
                $text .= "$name:$lineno is a DSA key\n";
        }