11751 – use strong cryptography for OpenSSH

Bug 11751 - use strong cryptography for OpenSSH

Summary: use strong cryptography for OpenSSH

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	all All

Importance:	Will affect most users Security
Assignee:	Peter Müller
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	HARDENSSH
	Show dependency tree / graph

Reported:	2018-06-07 05:53 UTC by Peter Müller
Modified:	2018-10-15 13:46 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2018-06-07 05:53:00 UTC

We should ship a defined cipher list for both OpenSSH server and client (in case anybody is using IPFire as a platform for jumping into internal networks, i.e.) which is more secure than the current default.

Comment 1 Peter Müller 2018-08-19 20:53:38 UTC

A custom OpenSSH server configuration was built and submitted both to the mailing list (for including it in IPFire 2.x) and Timo (Ansible) so this is fixed.

https://patchwork.ipfire.org/patch/1895/

Comment 2 Michael Tremer 2018-08-20 11:15:55 UTC

This isn't fixed at all. A patch has been proposed, but it hasn't been shipped, yet.

  https://wiki.ipfire.org/devel/bugzilla/workflow

Also, the cipher list hasn't been changed for the ssh client which is suggested by the title of this ticket.

Comment 3 Michael Tremer 2018-08-20 11:16:20 UTC

(In reply to Michael Tremer from comment #2)
> Also, the cipher list hasn't been changed for the ssh client which is
> suggested by the title of this ticket.

Sorry, not title, description.

Comment 4 Peter Müller 2018-08-20 17:07:29 UTC

Yes, you are right. Sorry about this.