2016-04-25 00:50:07 |
TJ |
description |
After upgrade to 16.04 ssh client will not connect to any host, reporting
/home/tj/.ssh/config line 109: Bad protocol spec '1'.
The entry is:
Host ups-01
Hostname 10.254.0.1
User hostmaster
IdentityFile ~/.ssh/id_hostmaster
IdentitiesOnly yes
Protocol 1
If this were an entry in /etc/ssh/ssh_config and the user had no privileges to edit that file it could create a denial of service to the ssh client (if the user doesn't know how to over-ride the config).
It would be helpful if the openssh-client postinst script were to grep the standard config files (including for users) and add a warning to the motd and syslog if any invalidated configuration statements are found.
This will especially affect connections to embedded devices - in this case it is an ssh server on a management VLAN in a network-attached 32-port switched Cabinet Distribution Unit (CDU) that cannot be upgraded, and only supports Protocol 1.
According to the 16.04 Release Notes protocol 1 requires the openssh-client-ssh1 package with the ssh1 binary. |
After upgrade to 16.04 ssh client will not connect to any host, reporting
/home/tj/.ssh/config line 109: Bad protocol spec '1'.
The entry is:
Host ups-01
Hostname 10.254.0.1
User hostmaster
IdentityFile ~/.ssh/id_hostmaster
IdentitiesOnly yes
Protocol 1
If this were an entry in /etc/ssh/ssh_config and the user had no privileges to edit that file it could create a denial of service to the ssh client (if the user doesn't know how to over-ride the config).
It would be helpful if the openssh-client postinst script were to grep the standard config files (including for users) and add a warning to the motd and syslog if any invalidated configuration statements are found.
This will especially affect connections to embedded devices - in this case it is an ssh server on a management VLAN in one of several network-attached Uninterruptable Power Supplies that cannot be upgraded, and only support Protocol 1.
According to the 16.04 Release Notes protocol 1 requires the openssh-client-ssh1 package with the ssh1 binary. |
|