[Bug 933480] Re: Picks hmac-md5 over hmac-sha1
Clint Byrum
clint at fewbar.com
Sat Feb 18 23:46:42 UTC 2012
Hi Chris, thanks for taking the time to file this bug and help us make
Ubuntu better.
According to RFC 6151, this is not an urgent matter:
http://tools.ietf.org/html/rfc6151
I do think that it is rather odd that hmac-md5 is still the default, but
the upstream openssh authors seem to find that acceptable, and so I
think we can also follow their lead. This is perhaps something to take
up with the OpenSSH developers on their mailing list.
Because it is not urgent and upstream has not seen fit to correct the
issue, I am marking this bug as Wishlist. It is definitely something to
consider, so I'm marking it as Confirmed.
Chris, it would be fantastic if you would forward this bug to the
OpenSSH mailing list to get the ball rolling on a discussion. Once
you've done so, report back here the results of the discussion, and we
can mark this as Triaged (if there is a change to make) or perhaps close
it if upstream is not interested in changing the default.
** Changed in: openssh (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/933480
Title:
Picks hmac-md5 over hmac-sha1
Status in “openssh” package in Ubuntu:
Confirmed
Bug description:
The OpenSSH client defaults to picking hmac-md5, which is based on the
demonstrably insecure MD5 algorithm:
faux@wilf:~% ssh -v localhost true 2>&1 | grep hmac
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
MD5 has had practical vulnerabilities for around eight years, and its
use is highly discouraged. SHA1 is a supported alternative, and is
supported by the packaged openssh-server, and many other ssh
implementations.
MD5 is selected as man ssh_config suggests the default algorithms are, in order of preference (most preferred first):
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
Please append:
MACs hmac-sha1,hmac-md5,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
...to /etc/ssh/ssh_config, such that the client will prefer SHA-1:
faux@wilf:~% ssh -v localhost true 2>&1 | grep hmac
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
This should have no compatibility concerns as MD5 is still a supported
algorithm.
Note that non-privileged users can override this setting either way on
a per-connection basis by specifying MACs in ~/.ssh/config.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: openssh-client 1:5.8p1-7ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-16.28-generic 3.0.17
Uname: Linux 3.0.0-16-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
CheckboxSubmission: b0d31efda01870980e2e5a89390b685c
CheckboxSystem: 6ce041aeed0a2c17b3343b66d157175d
Date: Thu Feb 16 13:59:43 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.UTF-8
SHELL=/bin/zsh
RelatedPackageVersions:
ssh-askpass N/A
libpam-ssh N/A
keychain N/A
ssh-askpass-gnome 1:5.8p1-7ubuntu1
SSHClientVersion: OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
SourcePackage: openssh
UpgradeStatus: Upgraded to oneiric on 2011-05-03 (289 days ago)
modified.conffile..etc.ssh.ssh.config: [modified]
mtime.conffile..etc.ssh.ssh.config: 2012-02-16T13:59:11.376423
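Added example (not part of the original bug report or of OpenSSH): a small Python model of the MAC selection rule from RFC 4253 section 7.1, showing why reordering the client's MACs list changes the result, plus a check that flags MD5-based MACs in `ssh -v` output of the form quoted in the report. The server list and the sample debug lines are constructed; the function names are hypothetical.

```python
import re

# Client preference lists as quoted in the bug description.
OLD_CLIENT = ("hmac-md5,hmac-sha1,umac-64@openssh.com,"
              "hmac-ripemd160,hmac-sha1-96,hmac-md5-96")
NEW_CLIENT = ("hmac-sha1,hmac-md5,umac-64@openssh.com,"
              "hmac-ripemd160,hmac-sha1-96,hmac-md5-96")
# Assumption for this example: the server offers the same set of MACs.
SERVER = OLD_CLIENT


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the chosen MAC is the first name on the
    client's list that also appears on the server's list.
    Returns None when the two lists have nothing in common."""
    offered = set(server_list.split(","))
    for name in client_list.split(","):
        if name in offered:
            return name
    return None


# Matches the OpenSSH 5.8-style lines shown in the report:
#   debug1: kex: <direction> <cipher> <mac> <compression>
KEX_RE = re.compile(
    r"debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)")


def md5_macs_in_debug(output):
    """Return (direction, mac) for each negotiated MAC built on MD5."""
    hits = []
    for line in output.splitlines():
        m = KEX_RE.search(line)
        if m and "md5" in m.group(3):
            hits.append((m.group(1), m.group(3)))
    return hits


# Constructed sample, copied from the shape of the output in the report.
SAMPLE = ("debug1: kex: server->client aes128-ctr hmac-md5 none\n"
          "debug1: kex: client->server aes128-ctr hmac-md5 none\n")

if __name__ == "__main__":
    print("old order :", negotiate(OLD_CLIENT, SERVER))
    print("new order :", negotiate(NEW_CLIENT, SERVER))
    # A server that only offers MD5-based MACs still connects.
    print("md5-only  :", negotiate(NEW_CLIENT, "hmac-md5,hmac-md5-96"))
    print("flagged   :", md5_macs_in_debug(SAMPLE))
```

The md5-only case illustrates the compatibility point in the report: with hmac-md5 kept in the list, a peer that lacks hmac-sha1 still negotiates a MAC.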