Bug 11751

Summary:	use strong cryptography for OpenSSH
Product:	IPFire	Reporter:	Peter Müller <peter.mueller>
Component:	---	Assignee:	Peter Müller <peter.mueller>
Status:	CLOSED FIXED	QA Contact:
Severity:	Security
Priority:	Will affect most users	CC:	michael.tremer
Version:	2
Hardware:	all
OS:	All
Bug Depends on:
Bug Blocks:	11538

Description Peter Müller 2018-06-07 05:53:00 UTC

We should ship a defined cipher list for both OpenSSH server and client (in case anybody is using IPFire as a platform for jumping into internal networks, i.e.) which is more secure than the current default.

Comment 1 Peter Müller 2018-08-19 20:53:38 UTC

A custom OpenSSH server configuration was built and submitted both to the mailing list (for including it in IPFire 2.x) and Timo (Ansible) so this is fixed.

https://patchwork.ipfire.org/patch/1895/

Comment 2 Michael Tremer 2018-08-20 11:15:55 UTC

This isn't fixed at all. A patch has been proposed, but it hasn't been shipped, yet.

  https://wiki.ipfire.org/devel/bugzilla/workflow

Also, the cipher list hasn't been changed for the ssh client which is suggested by the title of this ticket.

Comment 3 Michael Tremer 2018-08-20 11:16:20 UTC

(In reply to Michael Tremer from comment #2)
> Also, the cipher list hasn't been changed for the ssh client which is
> suggested by the title of this ticket.

Sorry, not title, description.

Comment 4 Peter Müller 2018-08-20 17:07:29 UTC

Yes, you are right. Sorry about this.