X2Go Bug report logs - #472
Upgrade SSH key exchange and message authentication code from SHA1 to SHA2

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Aurélien Grosdidier <aurelien.grosdidier@gmail.com>

Date: Thu, 3 Apr 2014 14:35:02 UTC

Severity: important

Found in version 4.0.1.3-1

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#472: [X2Go-Dev] Bug#472: Debian now has diffie-hellman-group1-sha1 disabled
Reply-To: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>, 472@bugs.x2go.org
Resent-From: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 13 Oct 2014 13:55:02 +0000
Resent-Message-ID: <handler.472.B472.141320826416496@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 472
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by 472-submit@bugs.x2go.org id=B472.141320826416496
          (code B ref 472); Mon, 13 Oct 2014 13:55:02 +0000
Received: (at 472) by bugs.x2go.org; 13 Oct 2014 13:51:04 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
X-Greylist: delayed 1005 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 13 Oct 2014 15:51:02 CEST
Received: from mail.cowic.de (mx1.cowic.de [80.190.97.241])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id D7A8D5E09F
	for <472@bugs.x2go.org>; Mon, 13 Oct 2014 15:51:02 +0200 (CEST)
Received: from [192.168.0.108] (ipbcc2257c.dynamic.kabel-deutschland.de [188.194.37.124])
	by mail.cowic.de (Postfix) with ESMTP id 47888380D6DC;
	Mon, 13 Oct 2014 15:34:17 +0200 (CEST)
Message-ID: <543BD4D8.5060309@phoca-gmbh.de>
Date: Mon, 13 Oct 2014 15:34:16 +0200
From: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 
 Alex DEKKER <bugs@ale.cx>,
 472@bugs.x2go.org
CC: o.schneyder@phoca-gmbh.de
References: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de>
In-Reply-To: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="FUf01UlC5Bof2n0nVk71Vc0WqPRLNpRhh"

[Message part 1 (text/plain, inline)]
And why is it a problem for X2Go? Is libssh not working any more? Then
it should be fixed in libssh, not in x2go?

Am 11.10.2014 22:48, schrieb Mike Gabriel:
> Control: severity -1 important
> 
> HI Alex (DEKKER), hi Alex (Schneyder),
> 
> On  Sa 11 Okt 2014 13:07:00 CEST, Alex DEKKER wrote:
> 
>> As of Version: 1:6.7p1-1 of openssh-server, it appears that Debian
>> [and presumably upstream]'s sshd now has diffie-hellman-group1-sha1
>> disabled. This means that connections from x2goclient will fail.
>>
>> I was able to work around this by adding:
>>
>> KexAlgorithms
>> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>>
>>
>> to /etc/ssh/sshd_config, but obviously at some point support for
>> diffie-hellman-group1-sha1 is going to go away completely, rather than
>> just being disabled by default.
> 
> Thanks for bringing this up. Did not realize so far.
> 
> @Alex Schneyder: do you think you can find a fix for this. This actually
> is a release blocker of 4.0.3.0... And it endangers the status of X2Go
> Client in Debian, as well.
> 
> Mike
> 
> 


-- 
-----------------------------------------------------------
Oleksandr Shneyder        | Email: o.shneyder@phoca-gmbh.de
phoca GmbH                | Tel. : 0911 - 14870374 0
Ludwig-Feuerbach-str. 18  | Fax. : 0911 - 14870374 9
D-90489 Nürnberg          | Mobil: 0163 - 49 64 461

Geschäftsführung:
Dipl.-Inf. Oleksandr Shneyder

Amtsgericht München | http://www.phoca-gmbh.de
HRB 196 658         | http://www.x2go.org
USt-IdNr.: DE281977973
-----------------------------------------------------------


[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 14:55:19 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.