Bug#343896: iLO workarounds

To: 343896@bugs.debian.org
Subject: Bug#343896: iLO workarounds
From: Matt Taggart <taggart@debian.org>
Date: Sat, 12 Sep 2015 16:26:30 -0700
Message-id: <[🔎] 20150912232630.D6AD7203@taggart.lackof.org>
Reply-to: Matt Taggart <taggart@debian.org>, 343896@bugs.debian.org

This bug is coming up on it's TEN YEAR anniversary!

HP has had 10 years to fix the broken ssh implementations in these devices. 
They no longer care about these older products, and even the slightly newer 
devices fail to support modern crypto and have other bugs.

I think this bug can continue to document work-arounds but should be tagged 
wontfix and no priority placed on compatibility with these old broken 
products. (still possible currently, but sha1, 3des, md5, cbc, etc. will 
eventually be disabled and will stop)

Hopefully this will also serve as an example to HP and other vendors that 
choosing to use proprietary firmware on these devices is both inferior and 
not as cost effective. If they had used something like dropbear for the ssh 
implemention there would be no compatibility problems and they'd also have 
support for all the latest crypto.

Here's an idea for HP: they are working on new IoT software stacks that 
will use FOSS technologies and prioritize security. As a demonstratation of 
these new software stacks, why not port them to older iLO devices first. 
iLO devices could be considered some of the first IoT devices :)

-- 
Matt Taggart
taggart@debian.org

Reply to:

Prev by Date: Bug#343896: openssh - ilo workarounds
Next by Date: Bug#774711: recommendations for changing openssh defaults
Previous by thread: Bug#343896: openssh - ilo workarounds
Next by thread: openssh 1:6.9p1-2 MIGRATED to testing
Index(es):
- Date
- Thread