
Bug#774793: openssh: SSH uses insecure Ciphers, MACs and KexAlgorithms by default



On Wed, Jan 07, 2015 at 06:29:17PM +0100, comotion@krutt.org wrote:
> The latest batch of Snowden documents[1] has shown that misbehaving
> nation states can decrypt many of the SSH ciphers at least some of the
> time. Every Debian system ships with openssh-server and many rely on
> openssh in varied environments. The Debian defaults should be changed
> to fix this vulnerability.

The defaults should be changed upstream first (has anyone contacted
them?); I'm aware that changes to the Debian packaging would be needed
but I don't normally make this kind of change unilaterally.
Furthermore, it would be appropriate for people advocating such changes
to do some interoperability testing with the other SSH clients in
Debian, such as conch and putty, to find out what effect this would have
across the whole Debian system.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

