From unknown Sun Apr 12 21:15:54 2026 X-Loop: owner@bugs.x2go.org Subject: Bug#472: [X2Go-Dev] Bug#472: Debian now has diffie-hellman-group1-sha1 disabled Reply-To: Mike Gabriel , 472@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sat, 11 Oct 2014 20:50:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 472 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by 472-submit@bugs.x2go.org id=B472.14130604843453 (code B ref 472); Sat, 11 Oct 2014 20:50:02 +0000 Received: (at 472) by bugs.x2go.org; 11 Oct 2014 20:48:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 858425DEA7 for <472@bugs.x2go.org>; Sat, 11 Oct 2014 22:48:03 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id F422D16CE; Sat, 11 Oct 2014 22:48:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 3F6743BBCC; Sat, 11 Oct 2014 22:48:02 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gle-K+PTE3F; Sat, 11 Oct 2014 22:48:02 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 004A53BA5D; Sat, 11 Oct 2014 22:48:01 +0200 (CEST) Received: from p5B3B9948.dip0.t-ipconnect.de (p5B3B9948.dip0.t-ipconnect.de [91.59.153.72]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Sat, 11 Oct 2014 20:48:01 +0000 Date: Sat, 11 Oct 2014 20:48:01 +0000 Message-ID: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de> From: Mike Gabriel To: Alex DEKKER , 472@bugs.x2go.org Cc: o.schneyder@phoca-gmbh.de In-Reply-To: <54390F54.1070007@ale.cx> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 91.59.153.72 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=__lYMKzgl-_gJMeQNcr8mnQ9"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=__lYMKzgl-_gJMeQNcr8mnQ9 Content-Type: text/plain; charset=us-ascii; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: severity -1 important HI Alex (DEKKER), hi Alex (Schneyder), On Sa 11 Okt 2014 13:07:00 CEST, Alex DEKKER wrote: > As of Version: 1:6.7p1-1 of openssh-server, it appears that Debian=20=20 >=20[and presumably upstream]'s sshd now has diffie-hellman-group1-sha1=20= =20 >=20disabled. This means that connections from x2goclient will fail. > > I was able to work around this by adding: > > KexAlgorithms=20=20 >=20curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh= -sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-= sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > > to /etc/ssh/sshd_config, but obviously at some point support for=20=20 >=20diffie-hellman-group1-sha1 is going to go away completely, rather=20=20 >=20than just being disabled by default. Thanks for bringing this up. Did not realize so far. @Alex Schneyder: do you think you can find a fix for this. This=20=20 actually=20is a release blocker of 4.0.3.0... And it endangers the=20=20 status=20of X2Go Client in Debian, as well. Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=__lYMKzgl-_gJMeQNcr8mnQ9 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUOZeBAAoJEJr0azAldxsx6QoQAIR/+eMqJUPONKgZVJM89nGf 0fgwX6y9wrZeoZKDn06OJR1jTHSxqIcp1THifSKAVv21BQet287RX/HVQlQmUq16 R/O3FGU5MtMKsFOj/FCYIPdzRQg6F/fzJNjmOJW9jdr8DylHUivVeYcfCQ0aL+ve AB283C4H0H+bf5mxVNTdvU3rH/oBH5cMXPXq9AY2xtcNVZGZSFLJc8tksiwRxVI3 hg3aRU0PhnA1ZOrcTF4YD9vuAqMh7fOCEldS/zdwbvv2s7lIFLHtXRjBTtSxlzNB XLkPRypRDnJaFCUeF8yDHKJd25DW0FQo94ze4YazKECvc6+LaeYcL4Ug5h4st+Q+ YaCjilKI6i01Cvl1KiFdqGBDofrgZGxlWvALEjQLR6vinJklP81vgRqHfWKf+1Mc nImJvADhXzBR9ymjkMAYbCd8vQJcgN/3kK/jJ9ydYGs6bHw+JjfsaOrMe5VwLesC mlmKatmLNyns1Aboe8f+H84uB4Wjq1gJL6we5J6RckmmZHJvox5psacYDNYXphar UJR2M2r1hbpzRPkO+GYUXpAEzmstJt26jasizf8Qb3Zcts+/yLjj68QKsjIfkQj3 nZAZyV7OeQO6hVjR71Tdrs8cFvz5YgVgwFIFs5/IfTXVxqgPkwlXQ15dfiBamm8Q cF2ZG4wVZ9BRCM4/1TgP =5uOj -----END PGP SIGNATURE----- --=__lYMKzgl-_gJMeQNcr8mnQ9--