[Bug 1154537] Re: Please enable SSH-1 protocol support

Dmitrijs Ledkovs launchpad at surgut.co.uk
Wed Mar 13 16:11:37 UTC 2013


As far as I know, ssh-1 protocol is vulnerable to arbitary injection of
data into the encrypted traffic. Thus it will be highly insecure to
enable that by default. This is same reason we disable weak hash
algorithms and vulnerable old ssl/tls protocols in the web-browsers we
ship. I think this bug will be marked as "won't fix". Subscribing ubuntu
security team to make the call.

** Changed in: libssh (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1154537

Title:
  Please enable SSH-1 protocol support

Status in “libssh” package in Ubuntu:
  Won't Fix

Bug description:
  SSH-1 protocol support must be enabled explicitly. Please find
  attached a debdiff to enable it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1154537/+subscriptions



More information about the Ubuntu-sponsors mailing list