Viewing Issue Simple Details
ID: 0012656
Category: [DCSS] Bug Report
Severity: major
Reproducibility: sometimes
Date Submitted: 2021-10-08 13:34
Last Update: 2021-10-08 13:34

Reporter: damerell
View Status: public
Assigned To:
Priority: normal
Resolution: open
Status: new
Product Branch: longterm development (0.31+)
Summary: 0012656: CAO (and others?) has ancient ssh daemon, probably insecure.

Description:
https://www.openssh.com/releasenotes.html - "This release disables RSA signatures using the SHA-1 hash algorithm by default."

On IRC I saw a report of the practical effects of this in the wild: a user unable to connect with a new OpenSSH to CAO.

The sshd on CAO reports itself as OpenSSH_6.0p1. If true, this is too old for "OpenSSH has supported RFC8332 RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys will automatically use the stronger algorithm where possible"; it is also the version from Debian wheezy, which went out of security support three years ago.
Additional Information:

Tags: No tags attached.

Attached Files:
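The failure the reporter describes is a client/server capability mismatch rather than a bug in either side: an OpenSSH client at 8.8 or later stops accepting ssh-rsa (RSA/SHA-1) signatures by default, and an OpenSSH server older than 7.2 cannot offer the rsa-sha2-256/512 alternatives, so any RSA host key or user key negotiation between the two fails. The script below, added here as an illustration and not part of the bug report or of DCSS, turns that reasoning into a check a server operator can run over an inventory of sshd banners and prints the per-host client-side workaround. The banners are constructed samples (none were captured from CAO), the version thresholds are the 7.2 and 8.8 figures quoted in the report, and a self-reported banner is taken at face value, which is exactly the "if true" caveat the reporter raises.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample banners for demonstration; none were captured from CAO.
SAMPLE_BANNERS = {
    "cao-like": "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4",
    "modern": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    "other": "SSH-2.0-dropbear_2020.81",
}

# Thresholds from the OpenSSH release notes quoted in the report:
# rsa-sha2-256/512 (RFC 8332) supported since 7.2; ssh-rsa (RSA/SHA-1)
# signatures disabled by default in the client since 8.8.
RSA_SHA2_SINCE = (7, 2)
SHA1_RSA_DISABLED_SINCE = (8, 8)

_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
)


class OpenSSHVersion(NamedTuple):
    major: int
    minor: int


def parse_openssh_banner(banner: str) -> Optional[OpenSSHVersion]:
    """Return the (major, minor) OpenSSH version announced in an SSH
    identification string, or None if the server is not OpenSSH or the
    banner is malformed. The banner is self-reported and may be wrong."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        return None
    return OpenSSHVersion(int(m.group("major")), int(m.group("minor")))


def server_supports_rsa_sha2(server: OpenSSHVersion) -> bool:
    """Can this sshd sign with rsa-sha2-256/512 instead of ssh-rsa?"""
    return tuple(server) >= RSA_SHA2_SINCE


def rsa_negotiation_will_fail(server: OpenSSHVersion, client: OpenSSHVersion) -> bool:
    """True when a default-configured OpenSSH client of version `client`
    will reject every RSA signature (host key or user key) that a server
    of version `server` can produce: the client no longer accepts ssh-rsa
    and the server has nothing stronger to offer."""
    return tuple(client) >= SHA1_RSA_DISABLED_SINCE and not server_supports_rsa_sha2(server)


def client_workaround(host_alias: str) -> str:
    """ssh_config stanza that re-enables ssh-rsa for one host only, using
    the option names of OpenSSH 8.5+ (PubkeyAcceptedAlgorithms replaced
    PubkeyAcceptedKeyTypes there). This weakens the client for that host;
    the actual fix is upgrading the server."""
    return (
        f"Host {host_alias}\n"
        "    HostKeyAlgorithms +ssh-rsa\n"
        "    PubkeyAcceptedAlgorithms +ssh-rsa\n"
    )


def assess(name: str, banner: str, client: OpenSSHVersion) -> str:
    """One-line verdict for a banner against a given client version."""
    server = parse_openssh_banner(banner)
    if server is None:
        return f"{name}: not OpenSSH or unparseable banner ({banner!r}); check manually"
    if rsa_negotiation_will_fail(server, client):
        return (f"{name}: OpenSSH {server.major}.{server.minor} cannot sign rsa-sha2; "
                f"clients >= 8.8 will refuse RSA keys by default")
    return f"{name}: OpenSSH {server.major}.{server.minor} negotiates RSA/SHA-2 fine"


if __name__ == "__main__":
    client = OpenSSHVersion(8, 8)  # assumed client version for the run
    for name, banner in SAMPLE_BANNERS.items():
        print(assess(name, banner, client))
    print(client_workaround("cao"))
```

To check the client side of the same negotiation on a real machine, `ssh -Q sig` lists the signature algorithms the installed client supports, and `ssh -vv host` shows which host key and signature algorithm were actually selected, which is more reliable than trusting the server's banner.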