ssh_config(5) contains outdated information
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Fix Released | Low | Unassigned | |
Focal | Fix Released | Wishlist | Michał Małoszewski | |
Hirsute | Won't Fix | Wishlist | Michał Małoszewski | |
Impish | Won't Fix | Wishlist | Michał Małoszewski | |
Bug Description
[Impact]
The problem here is straightforward.
The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed.
Backport upstream fix to Focal
Origin:
https:/
[Test Plan]
Make a container for testing:
First option:
$ lxc launch ubuntu:focal focal-test
$ lxc shell focal-test
Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config.
Actual results:
1. Create a container using steps from above.
2. Type in man ssh_config and check that as well as the sshd_config.
3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgo
Expected results:
1. Create a container using steps from above.
2. Type in man ssh_config and check that as well as the sshd_config.
3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgo
[Where problems could occur]
Any code change might change the behavior of the package in a specific situation and cause other errors.
The next things which might cause a regression are new dependencies which might not align; it is obvious the dependencies are upgraded and that might be a problem, but it is really unlikely.
None of the rather generic cases above even applies here, as we only change non-functional content in the form of the man page; therefore the only risk comes from rebuilding the package, which could pick up something from e.g. a changed toolchain.
[Other Info]
Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real.
-------
The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAl
CASignatur
by certificate authorities (CAs). The default is:
ssh(1) will not accept host certificates signed using algorithms
other than those specified.
As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1).
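The manual check in the test plan can be scripted. The following is an added example, not part of the bug report or the Ubuntu patch; it assumes the usual rendered man layout (an option heading alone on its line, its text indented deeper), and the sample pages are constructed and abbreviated.

```shell
#!/bin/sh
# Added example (not from the bug report): report whether the
# CASignatureAlgorithms entry of a rendered man page still lists ssh-rsa.

# Print the entry from rendered man text on stdin: the heading line plus every
# following line, until the next non-blank line indented no deeper than it.
ca_sig_entry() {
    awk '
        function indent(s) { match(s, /^ */); return RLENGTH }
        !grab && /^ *CASignatureAlgorithms *$/ { grab = 1; base = indent($0); print; next }
        grab && NF && indent($0) <= base { exit }
        grab { print }
    '
}

# Classify a page on stdin as missing (no entry found), outdated or fixed.
# Splitting on commas and whitespace keeps rsa-sha2-256/512 from matching.
verdict() {
    entry=$(ca_sig_entry)
    if [ -z "$entry" ]; then echo missing
    elif printf '%s\n' "$entry" | tr ', \t' '\n\n\n' | grep -qx 'ssh-rsa'; then echo outdated
    else echo fixed
    fi
}

# Constructed sample input: abbreviated excerpts, not the real man page text.
OUTDATED_PAGE='     CASignatureAlgorithms
             Specifies which algorithms are allowed for signing of
             certificates by certificate authorities (CAs).  The default is:

                   ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

             ssh(1) will not accept host certificates signed using algorithms
             other than those specified.

     CertificateFile
             Text that mentions ssh-rsa outside the entry under test.
'
FIXED_PAGE=$(printf '%s\n' "$OUTDATED_PAGE" | sed 's/,ssh-rsa$//')

# On a real system, following the test plan (not run here):
#   man ssh_config  | col -b | verdict
#   man sshd_config | col -b | verdict
#   ssh -G localhost | grep -i '^casignaturealgorithms'   # effective client list
printf 'outdated sample: %s\n' "$(printf '%s\n' "$OUTDATED_PAGE" | verdict)"
printf 'fixed sample:    %s\n' "$(printf '%s\n' "$FIXED_PAGE" | verdict)"
```

A plain `grep ssh-rsa` over the whole page is not a usable check, because other entries legitimately mention `ssh-rsa`; the script scopes the match to the one entry the bug is about.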
Related branches
- Christian Ehrhardt (community): Approve
- Andreas Hasenack: Needs Fixing
- git-ubuntu import: Pending requested
- Canonical Server Reporter: Pending requested
Diff: 73 lines (+51/-0), 3 files modified:
debian/changelog (+7/-0)
debian/patches/fix-outdated-info-ssh-conf.patch (+43/-0)
debian/patches/series (+1/-0)
- git-ubuntu import: Pending requested
- Andreas Hasenack: Pending requested
- Canonical Server Reporter: Pending requested
Diff: 101 lines (+67/-0) (has conflicts), 3 files modified:
debian/changelog (+9/-0)
debian/patches/fix-outdated-info-ssh-conf.patch (+54/-0)
debian/patches/series (+4/-0)
- Andreas Hasenack: Needs Fixing
- Canonical Server Reporter: Pending requested
- git-ubuntu import: Pending requested
Diff: 84 lines (+62/-0), 3 files modified:
debian/changelog (+7/-0)
debian/patches/fix-outdated-info-ssh-conf.patch (+54/-0)
debian/patches/series (+1/-0)
description: updated
Changed in openssh (Ubuntu):
importance: Undecided → Low
status: New → Triaged
tags: added: bitesize
Changed in openssh (Ubuntu Focal):
assignee: nobody → Michał Małoszewski (michal-maloszewski99)
Changed in openssh (Ubuntu Hirsute):
assignee: nobody → Michał Małoszewski (michal-maloszewski99)
Changed in openssh (Ubuntu Impish):
assignee: nobody → Michał Małoszewski (michal-maloszewski99)
tags: added: block-proposed
description: updated
This has been fixed upstream, as shown in [1] and is available in jammy.
[1] https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636