[Bug 1769284] Re: ssh client: blowfish-cbc required - missing in bionic
Jens Elkner
1769284 at bugs.launchpad.net
Sat May 5 02:32:14 UTC 2018
No, this is not an option. Also note, that this breaks a lot of
workflows without reason, because Ubuntu ssh client simply stops
working with a message like "~/.ssh/config line 3: Bad SSH2 cipher spec
'...'": it simply does not know such ciphers (does not ignore them). So
especially in environments with shared homes bionic (the usual case in
enterprises?) cannot be deployed (and telling people, that they need to
use different options when the are on bionic, is simply is useless pain
for the users as well as company hotlines).
Ubuntu should do, what all major enterprise ready distributions/unices
do, i.e. bundle support for those ciphers for backward compatibility,
but disable them per default).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1769284
Title:
ssh client: blowfish-cbc required - missing in bionic
Status in openssh package in Ubuntu:
Won't Fix
Status in openssh-ssh1 package in Ubuntu:
Fix Released
Bug description:
In bionic openssh client/server ships without blowfish-cbc, arcfour,
arcfour128, arcfour256 and cast128-cbc. Unfortunately they are
required for backward compatibility, especially for embedded devices,
which do not support other ciphers (e.g. Rittal Liquid Cooling Package
for racks).
So disable them per default is ok, but one should still be able to use
them on demand for older, non-upgradable HW/SW envs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1769284/+subscriptions
More information about the foundations-bugs
mailing list