[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
This bug was fixed in the package openssh - 1:6.6p1-2ubuntu2

---
openssh (1:6.6p1-2ubuntu2) trusty; urgency=medium

  * Apply upstream-recommended patch to fix bignum encoding for
    curve25519-sha...@libssh.org, fixing occasional key exchange failures
    (LP: #1310781).
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

 -- Colin Watson  Fri, 02 May 2014 09:42:23 +0100

** Changed in: openssh (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1310781

Title:
  bad bignum encoding for curve25519-sha256 at libssh.org

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1310781/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
Sorry for the delay - I have enabled proposed and can confirm forced curve25519-sha...@libssh.org works now :)
[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
Hello Colin, or anyone else affected,

Accepted openssh into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: openssh (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed
[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
I've just come across a knock-on effect of this bug when configuring the Ubuntu SSH server for curve25519-sha...@libssh.org key exchange only, and using the latest Debian package openssh-client to connect.

Because Ubuntu's SSH server version doesn't match 6.6.1, the Debian SSH client disables curve25519-sha...@libssh.org completely, getting rid of the (presumably) most secure algorithm available:

==
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Debian-4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x1400
...
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha...@libssh.org
debug2: Compat: skipping algorithm "curve25519-sha...@libssh.org"
debug2: compat_kex_proposal: compat KEX proposal:
No supported key exchange algorithms found
==

The compat value being hit is in compat.c:100.
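An added example, not part of the thread and not OpenSSH's own code: a small model of the client-side filtering visible in the debug output above, useful for checking which server banners make a client drop the curve25519 method. The rule order (a 6.6.1 exemption checked before the pattern list from the log) and all function names are assumptions made for illustration; the banners other than the two in the log are constructed.

```python
from fnmatch import fnmatchcase

CURVE = "curve25519-sha256@libssh.org"

# Ordered rules, first match wins (assumed ordering, see lead-in).
# Each entry: (comma-separated glob list, skip the curve25519 KEX?)
COMPAT_RULES = [
    ("OpenSSH_6.6.1*", False),            # exempt: not treated as affected
    ("OpenSSH_6.5*,OpenSSH_6.6*", True),  # pattern list shown in the debug log
]


def matched_rule(remote_software):
    """Return (pattern_list, skip_curve) for the first rule that matches."""
    for patterns, skip in COMPAT_RULES:
        if any(fnmatchcase(remote_software, p) for p in patterns.split(",")):
            return patterns, skip
    return None, False


def compat_kex_proposal(remote_software, proposal):
    """Filter a comma-separated KEX proposal the way the log describes."""
    _, skip = matched_rule(remote_software)
    kept = [alg for alg in proposal.split(",") if not (skip and alg == CURVE)]
    return ",".join(kept)


def audit(remote_software, proposal):
    """Classify what a client configured with `proposal` would end up with."""
    result = compat_kex_proposal(remote_software, proposal)
    if not result:
        return "FAIL: no supported key exchange algorithms left"
    if result != proposal:
        return "DEGRADED: " + result
    return "OK: " + result


if __name__ == "__main__":
    banners = [
        "OpenSSH_6.6p1 Ubuntu-2ubuntu1",   # remote version from the log
        "OpenSSH_6.6.1p1 Debian-4",        # local version from the log
        "OpenSSH_6.7p1",                   # constructed
    ]
    for banner in banners:
        print(banner, "->", audit(banner, CURVE))
        print(banner, "->", audit(banner, CURVE + ",diffie-hellman-group14-sha1"))
```

With a curve25519-only configuration the first banner yields an empty proposal, which is the "No supported key exchange algorithms found" failure in the log; with a second algorithm configured the connection proceeds on the other method.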
[Bug 1310781] Re: bad bignum encoding for curve25519-sha256 at libssh.org
openssh (1:6.6p1-4) unstable; urgency=medium

  * Debconf translations:
    - Spanish (thanks, Matías Bellone; closes: #744867).
  * Apply upstream-recommended patch to fix bignum encoding for
    curve25519-sha...@libssh.org, fixing occasional key exchange failures.

 -- Colin Watson Mon, 21 Apr 2014 21:29:53 +0100

** Also affects: openssh (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: openssh (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: openssh (Ubuntu Trusty)
     Assignee: (unassigned) => Colin Watson (cjwatson)

** Changed in: openssh (Ubuntu Trusty)
    Milestone: None => ubuntu-14.04.1

** Changed in: openssh (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: openssh (Ubuntu Trusty)
       Status: Triaged => In Progress

** Description changed:

+ [Impact] Occasional key exchange failure with ED25519. + [Test Case] I don't have a clear one, but perhaps attempting lots of connections to a fixed server would do it. + [Regression Potential] We should test with an unpatched server to make sure that it properly falls back to skipping that key exchange method. + There's an occasional (one in 512 or so) key exchange failure in the curve25519-sha256 key exchange method, which affects OpenSSH 6.5 and 6.6. Upstream gives more details here and has recommended that distributors apply this patch: - https://lists.mindrot.org/pipermail/openssh-unix- + https://lists.mindrot.org/pipermail/openssh-unix- dev/2014-April/032494.html We should issue this as an update for trusty.