[Touch-packages] [Bug 1499392] Re: OpenSSH Security and SHA1
Hello Colin, Hello Seth, Seth that sounds great :-). I totally agree you. Colin and that´s the same Problem we had on Scaleway, but I am sure that we are finding a solution :-). I would love to participate @ the discussion. Have a nice day, Eldin Hadzic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1499392 Title: OpenSSH Security and SHA1 Status in openssh package in Ubuntu: Confirmed Bug description: We should enhance Security by disabling SHA1 or, if not possible (older Clients) by changing the KexAlgorithms, Ciphers and MACs order. For e.g. by : 1. If we add Support for older Clients we should change this: OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com 2. If we just Support new Clients we should change this : [...] HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key [...] OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com For more Information about my report go here: https://github.com/scaleway/image-ubuntu/pull/35 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1499392/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1499392] Re: OpenSSH Security and SHA1
Just a note: "I and @stribika have the same point of view (https://stribika.github.io/2015/01/04/secure-secure-shell.html) [...]" "I tend to agree with @aimxhaisse. Don't you think it would be preferable to open a bug report on Ubuntu side (https://bugs.launchpad.net/ubuntu/), see what they answer and follow their advices?" Have a nice Weekend, Eldin Hadzic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1499392 Title: OpenSSH Security and SHA1 Status in openssh package in Ubuntu: Confirmed Bug description: We should enhance Security by disabling SHA1 or, if not possible (older Clients) by changing the KexAlgorithms, Ciphers and MACs order. For e.g. by : 1. If we add Support for older Clients we should change this: OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com 2. If we just Support new Clients we should change this : [...] HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key [...] OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com For more Information about my report go here: https://github.com/scaleway/image-ubuntu/pull/35 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1499392/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1499392] Re: OpenSSH Security and SHA1
Hello Colin, Hello Seth, thank you for your response. I completely understand the situation with launchpad and Cisco Equipment :-). I already know the page https://stribika.github.io/2015/01/04/secure- secure-shell.html, but still thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1499392 Title: OpenSSH Security and SHA1 Status in openssh package in Ubuntu: Confirmed Bug description: We should enhance Security by disabling SHA1 or, if not possible (older Clients) by changing the KexAlgorithms, Ciphers and MACs order. For e.g. by : 1. If we add Support for older Clients we should change this: OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com 2. If we just Support new Clients we should change this : [...] HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key [...] OpenSSH Security KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com For more Information about my report go here: https://github.com/scaleway/image-ubuntu/pull/35 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1499392/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp