[Bug 2079834] Re: libssh2-1 lacks support for rsa-sha2-{512,256}
rwsmith61
2079834 at bugs.launchpad.net
Wed Oct 9 19:01:18 UTC 2024
I am not just doing auditing of hostkey algorithms; I do have 2+ dozen
scripts that generate reports on a regular basis of our network
devices. So, ssh-audit does not fully fit the bill of my work.
I am sure you have done the SRU on the latest libssh2 as it is in Ubuntu
24.04LTS as I mentioned above. In Ubuntu 24.04LTS it is package:
libssh2-1t64 based on libssh2 version 1.11.0-4.build2.
I don't have administrative access to the bastion host that I have to
use to run my scripts on our network devices. The BH administrators have
said they are willing to upgrade the package for me once it comes out.
And they are not currently willing to upgrade to 24.04LTS any time in
the near future.
I really need the rsa-sha2-{256,512} algorithms in libssh2 in Ubuntu
22.04. If I had admin access I would just copy over the Ubuntu 24.04
libssh2 shared object but I don't.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libssh2 in Ubuntu.
https://bugs.launchpad.net/bugs/2079834
Title:
libssh2-1 lacks support for rsa-sha2-{512,256}
Status in libssh2 package in Ubuntu:
Confirmed
Bug description:
OS: Ubuntu 22.04LTS
Package: libssh2-1/jammy,now 1.10.0-3
SSH-RSA is/has been deprecated due to known vulnerabilities.
I am writing a Perl program to scan my company's public facing routers
to determine which devices support ssh-rsa and support the newer
rsa-sha2-{512,256}. However, libssh2-1, which is used by the Perl
Net::SSH2 CPAN module, does not support rsa-sha2-{512,256}. There is a
new version of libssh2, version 1.11, which came out in 2023 and does
support rsa-sha2-{512,256}.
I am running my scripts on a shared bastion host running Ubuntu
22.04LTS, which is not easily or readily upgradable at this time.
Due to the potential security risks involved with ssh-rsa, is it
possible to incorporate libssh2 version 1.11 into Ubuntu 22.04LTS?
Based on my testing of libssh2-1t64 on Ubuntu 24.04 I do not believe
this would be a breaking change.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: libssh2-1 1.10.0-3
ProcVersionSignature: Ubuntu 5.15.0-119.129-generic 5.15.160
Uname: Linux 5.15.0-119-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.6
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: MATE
Date: Fri Sep 6 09:22:40 2024
InstallationDate: Installed on 2019-05-13 (1943 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: libssh2
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/2079834/+subscriptions