[Bug 2079834] Re: libssh2-1 lacks support for rsa-sha2-{512,256}

Leonidas S. Barbosa 2079834 at bugs.launchpad.net
Fri Sep 20 19:00:44 UTC 2024 

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libssh2 in Ubuntu.
https://bugs.launchpad.net/bugs/2079834

Title:
  libssh2-1 lacks support for rsa-sha2-{512,256}

Status in libssh2 package in Ubuntu:
  New

Bug description:
  OS: Ubuntu 22.04LTS
  Package: libssh2-1/jammy,now 1.10.0-3

  SSH-RSA is/has been deprecated due to known vulnerabilities.

  I am writing a Perl program to scan my company's public facing routers
  to determine which devices support ssh-rsa and support the newer rsa-
  sha2-{512,256}. However, libssh2-1, which is used by the Perl Net:SSH2
  CPAN module, does not support rsa-sha2-{512,256}. There is a new
  version of libssh2 version 1.11 which came out in 2023 that does
  support rsa-sha2-{512,256}.

  I am running my scripts on a shared bastion host running Ubuntu
  22.04LTS and is not easily nor readily upgradable at this time.

  Due to the potential security risks involved with ssh-rsa is it
  possible to incorporate libssh2 version 1.11 into Ubuntu 22.04LTS?
  Based on my testing of libssh2-1t64 on Ubuntu 24.04 I do not believe
  this would be a breaking change.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: libssh2-1 1.10.0-3
  ProcVersionSignature: Ubuntu 5.15.0-119.129-generic 5.15.160
  Uname: Linux 5.15.0-119-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.6
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: MATE
  Date: Fri Sep  6 09:22:40 2024
  InstallationDate: Installed on 2019-05-13 (1943 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: libssh2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/2079834/+subscriptions

More information about the foundations-bugs mailing list