[Bug 1728607] Re: weak preferred kex in 16.04 LTS
Ubuntu Foundations Team Bug Bot
1728607 at bugs.launchpad.net
Mon Nov 13 20:21:46 UTC 2017
The attachment "debdiff" seems to be a debdiff. The ubuntu-sponsors
team has been subscribed to the bug report so that they can review and
hopefully sponsor the debdiff. If the attachment isn't a patch, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-sponsors, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1728607
Title:
weak preferred kex in 16.04 LTS
Status in paramiko package in Ubuntu:
New
Bug description:
Paramiko 1.* uses diffie-hellman-group1-sha1 as its most preferred
kex, but this kex is now considered weak. OpenSSH 7 dropped it from
its defaults in 2015. Some devices start to complain or even to reject
connections because of that (I'm experiencing it with routers and
firewalls).
This has been fixed upstream in paramiko 2.3.1:
https://github.com/paramiko/paramiko/commit/c1233679c448b445ec991710d259eec0a9f64b61
It would be nice to land that in the latest LTS, probably as a security update.
It shouldn't have any impact, as long as diffie-hellman-group1-sha1 remains in this list.
(maybe
https://github.com/paramiko/paramiko/commit/b395444062e82953d417a4da9157667c2e05d758
should be considered too)
Thoughts?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/paramiko/+bug/1728607/+subscriptions
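Added example (not part of the bug report or of paramiko's code): a simplified model of SSH key-exchange selection per RFC 4253 section 7.1, showing why a client that lists diffie-hellman-group1-sha1 first negotiates it whenever the server still offers it, and why moving it to the end keeps group1-only devices reachable. The algorithm lists, server profiles and function names are constructed for illustration; only the "group1 first" ordering comes from the report.

```python
# Added illustration: algorithm lists are constructed for the example and are
# not copied from paramiko or from any particular server.
WEAK_KEX = {"diffie-hellman-group1-sha1"}

def negotiate_kex(client_prefs, server_prefs):
    """RFC 4253 7.1 (simplified): first client algorithm the server also supports."""
    server = set(server_prefs)
    for alg in client_prefs:
        if alg in server:
            return alg
    return None  # no common algorithm: the connection fails

# Client orderings: group1 first (as the bug describes) vs. group1 moved last.
GROUP1_FIRST = [
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha256",
]
GROUP1_LAST = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
]

# Constructed server profiles.
SERVERS = {
    "legacy-device": ["diffie-hellman-group1-sha1"],
    "supports-both": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "group1-disabled": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"],
}

def compare_orderings():
    """Return {server: (kex with group1 first, kex with group1 last)}."""
    return {
        name: (negotiate_kex(GROUP1_FIRST, offered), negotiate_kex(GROUP1_LAST, offered))
        for name, offered in SERVERS.items()
    }

def weak_downgrades(results):
    """Servers where only the group1-first ordering ends up on a weak kex."""
    return sorted(name for name, (old, new) in results.items()
                  if old in WEAK_KEX and new not in WEAK_KEX)

if __name__ == "__main__":
    results = compare_orderings()
    for name, (old, new) in results.items():
        print(f"{name:16} group1-first -> {old:38} group1-last -> {new}")
    print("avoidable weak negotiations:", weak_downgrades(results))
```

Because the client's order decides the outcome, the server's own preference for group14 in the "supports-both" profile does not prevent group1 from being chosen when the client lists it first.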