Please enable SSH-1 protocol support
Bug #1154537 reported by
Peter Meiser
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libssh (Ubuntu) |
Won't Fix
|
Wishlist
|
Ubuntu Security Team |
Bug Description
SSH-1 protocol support must be enabled explicitly. Please find attached a debdiff to enable it.
Changed in libssh (Ubuntu): | |
importance: | Undecided → Wishlist |
To post a comment you must log in.
As far as I know, ssh-1 protocol is vulnerable to arbitary injection of data into the encrypted traffic. Thus it will be highly insecure to enable that by default. This is same reason we disable weak hash algorithms and vulnerable old ssl/tls protocols in the web-browsers we ship. I think this bug will be marked as "won't fix". Subscribing ubuntu security team to make the call.