[Bug 1499392] Re: OpenSSH Security and SHA1
Seth Arnold
1499392 at bugs.launchpad.net
Sat Oct 3 00:43:48 UTC 2015
Hello Eldin, you're right that it is time to begin migrating away from
SHA-1 in default OpenSSH configurations. However there is some
historical baggage in parts of the launchpad infrastructure that
prevented upgrading algorithms earlier. (Strictly speaking, the defaults
aren't tied to launchpad but a configuration that doesn't allow
developers to work out of the box is less than ideal.)
Some related bugs that might help explain the situation:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445620
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445624
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445625
A site with many general guidelines that may influence more than just
default keysize and hash selections:
https://stribika.github.io/2015/01/04/secure-secure-shell.html
And, of course, whatever we select should be tested against Cisco gear,
since there's always a bug or two with every openssh configuration
change that prevents people from logging into or using Cisco equipment.
Colin, is it feasible to start making algorithm changes yet?
Thanks
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1499392
Title:
OpenSSH Security and SHA1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1499392/+subscriptions
More information about the Ubuntu-server-bugs
mailing list