
Bug#854650: marked as done (openssh-client: does not list rsa-sha2-256 and rsa-sha2-512)



Your message dated Sun, 3 Oct 2021 22:39:17 +0100
with message-id <YVojBe91mXAE/3cb@riva.ucam.org>
and subject line Re: Bug#854650: openssh-client: does not list rsa-sha2-256 and rsa-sha2-512
has caused the Debian Bug report #854650,
regarding openssh-client: does not list rsa-sha2-256 and rsa-sha2-512
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
854650: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854650
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:7.4p1-6
Severity: normal

ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms
for the HostKeyAlgorithms page.  However, neither the man page nor that
option lists the rsa-sha2-256 and rsa-sha2-512 options.

Since these values are not documented, users are likely to omit them,
resulting in negotiating weaker signature algorithms (RSA/SHA-1) than
they might otherwise have.

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-client depends on:
ii  adduser           3.115
ii  dpkg              1.18.22
ii  libc6             2.24-9
ii  libedit2          3.1-20160903-3
ii  libgssapi-krb5-2  1.15-1
ii  libselinux1       2.6-3
ii  libssl1.0.2       1.0.2k-1
ii  passwd            1:4.4-3
ii  zlib1g            1:1.2.8.dfsg-5

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204



--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:8.2p1-1

On Wed, Oct 04, 2017 at 01:19:07PM +0100, Colin Watson wrote:
> On Thu, Feb 09, 2017 at 12:28:05AM +0000, brian m. carlson wrote:
> > ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms
> > for the HostKeyAlgorithms page.  However, neither the man page nor that
> > option lists the rsa-sha2-256 and rsa-sha2-512 options.
> > 
> > Since these values are not documented, users are likely to omit them,
> > resulting in negotiating weaker signature algorithms (RSA/SHA-1) than
> > they might otherwise have.
> 
> This seems to be at least somewhat deliberate, although I don't know
> why:
> 
>   https://anongit.mindrot.org/openssh.git/commit/?id=3a13cb543df9919aec2fc6b75f3dd3802facaeca

This was fixed in OpenSSH 8.2: ssh_config(5) now documents "ssh -Q
HostKeyAlgorithms" instead, and that lists rsa-sha2-256 and
rsa-sha2-512.

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

--- End Message ---
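
The failure mode in the report (an explicit HostKeyAlgorithms list that leaves out rsa-sha2-256 and rsa-sha2-512, so RSA host keys are negotiated with SHA-1) can be checked for in existing client configuration. The script below is an added example, not part of the bug report or of OpenSSH; the function names and the sample configuration are constructed for illustration, and algorithm names are compared literally.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads ssh_config text on stdin and
# prints "<line>: <finding>" for each HostKeyAlgorithms list of concern.

audit_hostkeyalgs() {
    awk '
    /^[ \t]*#/ { next }                      # comment line
    {
        line = $0; sub(/^[ \t]+/, "", line)
        # keyword, then whitespace and/or a single "=", then the value
        if (!match(line, /^[A-Za-z]+[ \t]*=?[ \t]*/)) next
        key = tolower(substr(line, 1, RLENGTH)); gsub(/[ \t=]/, "", key)
        if (key != "hostkeyalgorithms") next
        val = substr(line, RLENGTH + 1); gsub(/[ \t"]/, "", val)
        # A leading +, - or ^ (in releases that support them) edits the
        # default set instead of replacing it; those lines are skipped.
        if (val == "" || index("+-^", substr(val, 1, 1)) > 0) next
        n = split(val, alg, ","); sha1 = 0; s256 = 0; s512 = 0
        for (i = 1; i <= n; i++) {           # record first position of each
            if (alg[i] == "ssh-rsa" && !sha1) sha1 = i
            if (alg[i] == "rsa-sha2-256" && !s256) s256 = i
            if (alg[i] == "rsa-sha2-512" && !s512) s512 = i
        }
        if (!sha1) next                      # RSA/SHA-1 not offered at all
        if (!s256 || !s512) {
            print NR ": ssh-rsa allowed, rsa-sha2-256/512 not both listed"
        } else if (sha1 < s256 && sha1 < s512) {
            print NR ": ssh-rsa preferred over rsa-sha2-256/512"
        }
    }'
}

# Constructed sample input, not taken from any real system.
sample_config() {
    cat <<'EOF'
# constructed example
Host legacy.example
    HostKeyAlgorithms ssh-ed25519,ssh-rsa
Host mixed.example
    hostkeyalgorithms=ssh-rsa,rsa-sha2-512,rsa-sha2-256
Host ok.example
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa
Host plus.example
    HostKeyAlgorithms +ssh-rsa
EOF
}

sample_config | audit_hostkeyalgs
```

To audit a real file, feed it on stdin, for example `audit_hostkeyalgs < ~/.ssh/config`.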
