Ubuntu
openssh package

ssh client: blowfish-cbc required - missing in bionic

Bug #1769284 reported by Jens Elkner
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Won't Fix
Undecided
Unassigned
openssh-ssh1 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

In bionic openssh client/server ships without blowfish-cbc, arcfour, arcfour128, arcfour256 and cast128-cbc. Unfortunately they are required for backward compatibility, especially for embedded devices, which do not support other ciphers (e.g. Rittal Liquid Cooling Package for racks).

So disable them per default is ok, but one should still be able to use them on demand for older, non-upgradable HW/SW envs.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Jens, I believe the openssh-client-ssh1 package provides a client that can be used to communicate with legacy hardware.

Thanks

Changed in openssh (Ubuntu):
status: New → Won't Fix
Changed in openssh-ssh1 (Ubuntu):
status: New → Fix Released
Revision history for this message
Jens Elkner (jelmd) wrote :

No, this is not an option. Also note, that this breaks a lot of workflows without reason, because Ubuntu ssh client simply stops working with a message like "~/.ssh/config line 3: Bad SSH2 cipher spec '...'": it simply does not know such ciphers (does not ignore them). So especially in environments with shared homes bionic (the usual case in enterprises?) cannot be deployed (and telling people, that they need to use different options when the are on bionic, is simply is useless pain for the users as well as company hotlines).

Ubuntu should do, what all major enterprise ready distributions/unices do, i.e. bundle support for those ciphers for backward compatibility, but disable them per default).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.