Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 787037@bugs.debian.org
Subject: Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
From: Matthew Vernon <matthew@debian.org>
Date: 28 May 2015 13:30:30 +0100
Message-id: <[🔎] 5b4mmwvq8p.fsf@chiark.greenend.org.uk>
Reply-to: Matthew Vernon <matthew@debian.org>, 787037@bugs.debian.org
In-reply-to: <[🔎] 87fv6hfnfd.fsf@alice.fifthhorseman.net>
References: <[🔎] 87fv6hfnfd.fsf@alice.fifthhorseman.net>

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> Upstream is removing 1Kbit DH groups from /etc/ssh/moduli (see attached
> message).  Debian should do the same (possibly backporting the fix to
> earlier releases as well), to reduce the likelihood that clients of
> debian ssh servers get stuck using a widely-used group that is weaker
> than we'd like.

I've been following the discussion upstream; but we did already have a
bug where weak-DH was being discussed - #774711. Do we need this one
too? 

Regards,

Matthew 

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Reply to:

Follow-Ups:
- Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

References:
- Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
Next by Date: Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
Previous by thread: Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
Next by thread: Bug#787037: openssh-client: remove 1Kbit DH groups from /etc/ssh/moduli
Index(es):
- Date
- Thread