[16.04] ssh <host>: Bad protocol spec '1'

Bug #1574415 reported by TJ
This bug affects 2 people
Affects          | Status    | Importance | Assigned to | Milestone
openssh (Ubuntu) | Confirmed | Low        | Unassigned  |

Bug Description

After upgrade to 16.04 ssh client will not connect to any host, reporting

/home/tj/.ssh/config line 109: Bad protocol spec '1'.

The entry is:

    Host ups-01
        Hostname 10.254.0.1
        User hostmaster
        IdentityFile ~/.ssh/id_hostmaster
        IdentitiesOnly yes
        Protocol 1

If this were an entry in /etc/ssh/ssh_config and the user had no privileges to edit that file it could create a denial of service to the ssh client (if the user doesn't know how to override the config).

It would be helpful if the openssh-client postinst script were to grep the standard config files (including for users) and add a warning to the motd and syslog if any invalidated configuration statements are found.

This will especially affect connections to embedded devices - in this case it is an ssh server on a management VLAN in one of several network-attached Uninterruptible Power Supplies that cannot be upgraded, and only support Protocol 1.

According to the 16.04 Release Notes protocol 1 requires the openssh-client-ssh1 package with the ssh1 binary.

TJ (tj)
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssh (Ubuntu):
status: New → Confirmed
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

As this affects only unusual end-user configurations, it was release noted and a workaround is available, I'm setting this to Importance: Low.

I also think it's a stretch to ask for automated mitigation for a deprecated protocol, but I'll stop short of setting this to Won't Fix. I certainly don't expect this request to make any progress without a patch though, and even in that case I'm not sure it'd be accepted.

Changed in openssh (Ubuntu):
importance: Undecided → Low
Colin Watson (cjwatson) wrote :

I certainly won't grep user configuration files from package maintainer scripts - that sort of thing causes serious problems in some environments, particularly those with lots of users or home directories mounted over NFS.

There's something to be said for doing a better job of the error message in this case (e.g. pointing people to the openssh-client-ssh1 package), although I'm wary of ending up maintaining yet another long-lived and necessarily-Debian-specific patch.
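
Added example (not part of the bug report, and not code from OpenSSH or the Ubuntu packaging): a check an administrator can run by hand, before or after the upgrade, to list every Protocol directive that names version 1 in the ssh_config files they choose to scan. The function names find_proto1 and sample_config are hypothetical, and the sample input is constructed from the entry quoted in the report.

```sh
#!/bin/sh
# find_proto1 FILE...
# Prints "file:line:host-pattern:value" for each Protocol directive listing 1.
find_proto1() {
    awk '
    FNR == 1 { host = "(global)" }   # every file starts outside any Host block
    {
        line = $0
        sub(/^[ \t]+/, "", line)                 # indentation is insignificant
        if (line == "" || line ~ /^#/) next      # skip blank lines and comments
        # ssh_config separates keyword and arguments by whitespace or one "="
        if (match(line, /[ \t]*=[ \t]*|[ \t]+/) == 0) next
        key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        gsub(/"/, "", val)                       # arguments may be quoted
        if (key == "host" || key == "match") { host = val; next }
        if (key != "protocol") next
        m = split(val, v, /[ \t]*,[ \t]*/)       # value may be a list: 2,1
        for (i = 1; i <= m; i++)
            if (v[i] == "1") {
                printf "%s:%d:%s:%s\n", FILENAME, FNR, host, val
                break
            }
    }' "$@"
}

# Constructed sample input: the reported entry (shortened) plus a control entry.
sample_config() {
    cat <<'EOF'
Host ups-01
    Hostname 10.254.0.1
    Protocol 1

Host web-01
    Protocol 2
EOF
}

# Demo on the constructed sample; for real use pass files explicitly, e.g.
#   find_proto1 /etc/ssh/ssh_config "$HOME/.ssh/config"
demo_file=$(mktemp)
sample_config > "$demo_file"
find_proto1 "$demo_file"
rm -f "$demo_file"
```

The script only reports the file, line and Host pattern; it does not modify anything and reads only the files named on its command line.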
