From o.shneyder@phoca-gmbh.de Mon Oct 13 15:51:03 2014 Received: (at 472) by bugs.x2go.org; 13 Oct 2014 13:51:04 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 X-Greylist: delayed 1005 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 13 Oct 2014 15:51:02 CEST Received: from mail.cowic.de (mx1.cowic.de [80.190.97.241]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id D7A8D5E09F for <472@bugs.x2go.org>; Mon, 13 Oct 2014 15:51:02 +0200 (CEST) Received: from [192.168.0.108] (ipbcc2257c.dynamic.kabel-deutschland.de [188.194.37.124]) by mail.cowic.de (Postfix) with ESMTP id 47888380D6DC; Mon, 13 Oct 2014 15:34:17 +0200 (CEST) Message-ID: <543BD4D8.5060309@phoca-gmbh.de> Date: Mon, 13 Oct 2014 15:34:16 +0200 From: Oleksandr Shneyder User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0 MIME-Version: 1.0 To: Mike Gabriel , Alex DEKKER , 472@bugs.x2go.org CC: o.schneyder@phoca-gmbh.de Subject: Re: [X2Go-Dev] Bug#472: Debian now has diffie-hellman-group1-sha1 disabled References: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de> In-Reply-To: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FUf01UlC5Bof2n0nVk71Vc0WqPRLNpRhh" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FUf01UlC5Bof2n0nVk71Vc0WqPRLNpRhh Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable And why is it a problem for X2Go? Is libssh not working any more? Then it should be fixed in libssh, not in x2go? Am 11.10.2014 22:48, schrieb Mike Gabriel: > Control: severity -1 important >=20 > HI Alex (DEKKER), hi Alex (Schneyder), >=20 > On Sa 11 Okt 2014 13:07:00 CEST, Alex DEKKER wrote: >=20 >> As of Version: 1:6.7p1-1 of openssh-server, it appears that Debian >> [and presumably upstream]'s sshd now has diffie-hellman-group1-sha1 >> disabled. This means that connections from x2goclient will fail. >> >> I was able to work around this by adding: >> >> KexAlgorithms >> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecd= h-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group= 14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 >> >> >> to /etc/ssh/sshd_config, but obviously at some point support for >> diffie-hellman-group1-sha1 is going to go away completely, rather than= >> just being disabled by default. >=20 > Thanks for bringing this up. Did not realize so far. >=20 > @Alex Schneyder: do you think you can find a fix for this. This actuall= y > is a release blocker of 4.0.3.0... And it endangers the status of X2Go > Client in Debian, as well. >=20 > Mike >=20 >=20 --=20 ----------------------------------------------------------- Oleksandr Shneyder | Email: o.shneyder@phoca-gmbh.de phoca GmbH | Tel. : 0911 - 14870374 0 Ludwig-Feuerbach-str. 18 | Fax. : 0911 - 14870374 9 D-90489 N=FCrnberg | Mobil: 0163 - 49 64 461 Gesch=E4ftsf=FChrung: Dipl.-Inf. Oleksandr Shneyder Amtsgericht M=FCnchen | http://www.phoca-gmbh.de HRB 196 658 | http://www.x2go.org USt-IdNr.: DE281977973 ----------------------------------------------------------- --FUf01UlC5Bof2n0nVk71Vc0WqPRLNpRhh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlQ71NkACgkQxQmEC5b4kTNQ6wCfcuPm1sgIwYVXZqCT9/JNVQkd 0AQAniyfBz3zZ4DobpP37kD5+VOL9NgP =FQhI -----END PGP SIGNATURE----- --FUf01UlC5Bof2n0nVk71Vc0WqPRLNpRhh--