[Bug 1871465] Re: ssh_config(5) contains outdated information

Paride Legovini 1871465 at bugs.launchpad.net
Thu Nov 18 10:43:40 UTC 2021 

As the fix is in Jammy I think we can mark the devel task as Fix
Released.

I doubt this is SRU material as the impact of the bug is really low;
maybe it could be done with a staged upload [1]. I'm marking the SRU
tasks as Triaged as the bug is well understood.

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Staging_an_upload

** Changed in: openssh (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: openssh (Ubuntu Focal)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Hirsute)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Impish)
       Status: New => Triaged

** Changed in: openssh (Ubuntu Focal)
   Importance: Undecided => Wishlist

** Changed in: openssh (Ubuntu Hirsute)
   Importance: Undecided => Wishlist

** Changed in: openssh (Ubuntu Impish)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1871465

Title:
  ssh_config(5) contains outdated information

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Triaged
Status in openssh source package in Hirsute:
  Triaged
Status in openssh source package in Impish:
  Triaged

Bug description:
  The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
  of CACertificateAlgorithms. However the latest `openssh-client` still
  ships the man page for ssh_config(5) that contains the following
  description:

       CASignatureAlgorithms
               Specifies which algorithms are allowed for signing of certificates 
               by certificate authorities (CAs).  The default is:

                     ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                     ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

               ssh(1) will not accept host certificates signed using algorithms 
               other than those specified.

  As far as I am concerned, `ssh-rsa` should be dropped from the list so
  as to match the behavior of ssh(1).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions

More information about the foundations-bugs mailing list