From mikedep333@gmail.com Tue Oct 14 01:22:11 2014 Received: (at 472) by bugs.x2go.org; 13 Oct 2014 23:22:12 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7BA385E09F for <472@bugs.x2go.org>; Tue, 14 Oct 2014 01:22:11 +0200 (CEST) Received: by mail-wi0-f178.google.com with SMTP id h11so5175914wiw.5 for <472@bugs.x2go.org>; Mon, 13 Oct 2014 16:22:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=arXx57tNVITzpHGwKyCRqgtwHbnaSL61D6yaFKgHLdQ=; b=SsXfKBvRlxDG5sb7BwoC7hSNXR5RCp4oGFNAiGCgi8luiZT0HXWHefeOMgjS9Vzp2j ccZ2pTmatjrlaMFnASIfrSiBYIod2cUNjRWxFNYhsFwkMEu1+WXHBKad4fhtjUqdTBEB hN+cbNmv0HHNC3S+qcVYOvfXmYz2Ho5b4gH47BHaHw7aEkVaCHSwa/yE2yFhrF0ywTok 7sy30TI+AO8g7ClsoZekIT5JfjbjpP3083J9EuLednXVY6goubwOodruomhfeWV/UGSA 1B65xd7+7LGnrB2lKmRAsqcD3yZxi+2dwZMfc+atq1BwKZpvFwjHR++6D2sWPs2F6++V OKpA== MIME-Version: 1.0 X-Received: by 10.194.61.51 with SMTP id m19mr1294131wjr.15.1413242531099; Mon, 13 Oct 2014 16:22:11 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 13 Oct 2014 16:22:11 -0700 (PDT) In-Reply-To: References: <20141011204801.Horde.PMP6WPnVUe8IpbJWVualAQ4@mail.das-netzwerkteam.de> <543BD4D8.5060309@phoca-gmbh.de> Date: Mon, 13 Oct 2014 19:22:11 -0400 Message-ID: Subject: Re: [X2Go-Dev] Bug#472: Bug#472: Bug#472: Debian now has diffie-hellman-group1-sha1 disabled From: Michael DePaulo To: Oleksandr Shneyder , 472@bugs.x2go.org, Mike Gabriel Cc: o.schneyder@phoca-gmbh.de, Alex DEKKER Content-Type: text/plain; charset=UTF-8 On Mon, Oct 13, 2014 at 3:33 PM, Michael DePaulo wrote: > [...] > > Looking through the libssh git logs, it appears that libssh 0.6 was > the first version to add support for a non-sha1 key exchange method, > ecdh_sha2_nistp256 [1]. > > 0.6 also added support for curve25519-sha256@libssh.org [1]. > > In a few hours or so, I will test if using a libssh 0.6.x linked > version of x2goclient fixes this bug. > > Jessie does include libssh 0.6.3 (Thanks to our DD, Mike#1)[2]. > > -Mike#2 > > [1] http://git.libssh.org/projects/libssh.git/log/?id=libssh-0.6.0&qt=grep&q=sha2 > [2] https://packages.debian.org/jessie/libssh-4 The bad news: I can confirm that X2Go Client for Windows 4.0.2.1+hotfix+build6 (and all prior versions/builds) ARE AFFECTED by this bug and ARE UNABLE to connect to a Debian Jessie server with openssh-server 6.7p1-2 (from sid) installed. Said version of X2go Client for Windows bundles and uses libssh 0.5.5. The good news: I can confirm that X2Go Client for Windows 4.0.3.0 nightly builds (mingw 4.8 tested) ARE NOT AFFECTED by this bug and ARE ABLE to connect to a Debian Jessie server with openssh-server 6.7p1-2 (from sid) installed. Said version of X2Go Client bundles and uses libssh 0.6.3. See bug #590 for the details on X2Go Client for Windows having libssh upgraded to 0.6.x during 4.0.3.0's development cycle. -Mike#2