I mean, it’s not like the problem is only on ubuntu/debian machines.
I’d like to be able to check if the keys installed on my (non-debian and non-ubuntu… some even non-linux) servers are vulnerable.
What’s really nasty of this debian ssh mess is that the vulnerability was born on the debian clients, and spreads making all the (non necessarily debian) servers where they are installed to.
So, do I have to dl ubuntu’s openssh .debs and extract ssh-vunlkey from there? That’s not really nice :)
Apparently there’s some huge perl script here http://ubuntu-tutorials.com/category/security/ that should do the job… checking…