Public bug reported: Hi,
yeah, it's not yet a bug, but it will become a (security) bug within lifetime of 20.04 if not 'fixed'. Currently openssh for Ubuntu 20.04 is still on 8.1p1, while upstream the version 8.2 has just been released: https://lists.mindrot.org/pipermail/openssh-unix- announce/2020-February/000138.html It comes with important security updates, e.g. not accepting SHA-1 for key generation/signature anymore, and using FIDO2/U2F-tokens as a second factor. Especially the latter significantly improves security and helps against stealing keys and hijacking machines. It would be important (and nice) to have these improvements of security in Ubuntu 20.04. It might not yet be seen as a security vulnerability, but it will probably become one soon. Thanks ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863447 Title: openssh outdated by 8.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863447/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
