[Bug 1280496] Re: ed25519 host key not working on 6.5p1
So I did a little more investigating and tested "ssh " and "ssh localhost" Also, it seems that the key is HostKeyAlgorithms in .ssh/config. Search HostKeyAlgorithms in ssh_config If I manually force it to only use ed25519, then the host key exchange happens over ed25519, else it uses ECDSA. So there's something strange going on with the setup. Support is there but the defaults are wonky. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1280496 Title: ed25519 host key not working on 6.5p1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1280496/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1298280] Re: Update OpenSSH to 6.6
Just as an aside as I'm not sure what the right forum for this should be but maybe Ubuntu can consider updating security packages as a separate update policy for LTS releases. What I mean by this is given our current security climate, I feel that it's important to make sure people are using the latest packages of openssl, openssh, gnutls etc. It does not be a large list of software packages, just a set of core packages so that we get improved security all around. Just a thought. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1298280 Title: Update OpenSSH to 6.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1298280/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1280496] Re: ed25519 host key not working on 6.5p1
Adding the requested output below. As you can see, the ssh server offers up ECDSA host keys even though I've done the requisite ssh-keygen -t ed25519 /etc/ssh/ssh_host_ed25519 To be clear, the user key exchange *is* ed25519. I'm trying to figure out why the server key exchange is not the same. Also, I've cleared out .ssh/known_hosts just in case = Mar 27 10:48:08 a008 sshd[23416]: Accepted publickey for user from 127.0.0.1 port 51537 ssh2: ED25519 5a:de:f7:48:7b:2d:fb:c3:ab:09:27:10:57:01:b2:ba Mar 27 10:48:08 a008 sshd[23416]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 27 10:48:08 a008 systemd-logind[682]: New session 19 of user user == user@machine:~/.ssh$ ssh -vvv localhost OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /home/user/.ssh/config debug3: cipher ok: chacha20-poly1...@openssh.com [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: cipher ok: aes256-...@openssh.com [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: cipher ok: aes128-...@openssh.com [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: cipher ok: aes256-ctr [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: cipher ok: aes192-ctr [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: cipher ok: aes128-ctr [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug3: ciphers ok: [chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr] debug2: mac_setup: found umac-128-...@openssh.com debug3: mac ok: umac-128-...@openssh.com [umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1] debug2: mac_setup: found hmac-sha2-512 debug3: mac ok: hmac-sha2-512 [umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1] debug2: mac_setup: found hmac-sha2-256 debug3: mac ok: hmac-sha2-256 [umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1] debug2: mac_setup: found hmac-sha1 debug3: mac ok: hmac-sha1 [umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1] debug3: macs ok: [umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1] debug1: /home/user/.ssh/config line 15: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: auto-mux: Trying existing master debug1: Control socket "/home/user/.ssh/mux/ssh_mux_localhost_22_user" does not exist debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/user/.ssh/id_ed25519" as a RSA1 public key debug1: identity file /home/user/.ssh/id_ed25519 type 4 debug1: identity file /home/user/.ssh/id_ed25519-cert type -1 debug3: Incorrect RSA1 identifier debug3: Could not load "/home/user/.ssh/id_ecdsa" as a RSA1 public key debug1: identity file /home/user/.ssh/id_ecdsa type 1 debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug3: Incorrect RSA1 identifier debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/user/.ssh/id_rsa type 1 debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.5p1 Ubuntu-6 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.5p1 Ubuntu-6 debug1: match: OpenSSH_6.5p1 Ubuntu-6 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "localhost" from file "/home/user/.ssh/known_hosts" debug3: load_hostkeys: loaded 0 keys debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes
[Bug 1298280] [NEW] Update OpenSSH for Tahir to 6.6
Public bug reported: 6.6 was just released and fixes some regressions in 6.5. Given that 14.04 is not released yet, it would be great to get to the latest and greatest version. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: openssh regression-proposed ssh upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1298280 Title: Update OpenSSH for Tahir to 6.6 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1298280/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1280496] [NEW] ed25519 host key not working on 6.5p1
Public bug reported: So I decided to test out the new ed25519 support on the new release of OpenSSH. I generated the necessary keys, added the HostKey line in sshd_config and restarted. It does not appear to work and could be missing a compile flag somewhere. Long story short, I can generate the appropriate keys but trying to actually use it results in openssh offering ecdsa keys instead. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1280496 Title: ed25519 host key not working on 6.5p1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1280496/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1275068] [NEW] consider upgrade to openssh 6.5p1 for 14.04
Public bug reported: 6.5p1 was just released and contains some very nice enhancements. Given that 14.04 will be LTS, it would be nice to have this included instead of just 6.4p1 ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: feature openssh ssh upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1275068 Title: consider upgrade to openssh 6.5p1 for 14.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1275068/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1270503] Re: open-vm-tools install update-rc.d failure
** Description changed: upgraded from 13.10 to test 14.04 using do-release-upgrade -d upon upgrade, it seems that the upgrade for open-vm-tools failed with the following message. Setting up open-vm-tools (2:9.4.0-1280544-5) ... update-initramfs: deferring update (trigger activated) update-rc.d: error: expected NN after start usage: update-rc.d [-n] [-f] remove update-rc.d [-n] defaults [NN | SS KK] update-rc.d [-n] start|stop NN runlvl [runlvl] [...] . update-rc.d [-n] disable|enable [S|2|3|4|5] -n: not really -f: force The disable|enable API is not stable and might change in the future. dpkg: error processing package open-vm-tools (--configure): subprocess installed post-installation script returned error exit status 1 Processing triggers for initramfs-tools (0.103ubuntu3) ... update-initramfs: Generating /boot/initrd.img-3.13.0-4-generic Errors were encountered while processing: open-vm-tools E: Sub-process /usr/bin/dpkg returned an error code (1) upon googling, it looks like the installation script needs to be cleaned up so that this installs cleanly. it looks like the following is the line(s) that need to be fixed. https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/open-vm- - tools/trusty/view/head:/debian/rules#L66 + tools/trusty/view/head:/debian/rules#L67 + + it should be + + + dh_installinit --update-rcd-params='start 38 2 3 4 5 . stop 38 0 1 6 .' + see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651031 for a report of a similar bug for a different package. - - - if this is not fixed, this could lead to issues with running 14.04 VMs properly with VMware. + if this is not fixed, this could lead to issues with running 14.04 VMs + properly with VMware. since this should be a pretty easy fix, i'm requesting that this be fixed prior to 14.04 release especially given 14.04 is LTS. thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to open-vm-tools in Ubuntu. https://bugs.launchpad.net/bugs/1270503 Title: open-vm-tools install update-rc.d failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1270503/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1270503] Re: open-vm-tools install update-rc.d failure
** Description changed: upgraded from 13.10 to test 14.04 using do-release-upgrade -d upon upgrade, it seems that the upgrade for open-vm-tools failed with the following message. Setting up open-vm-tools (2:9.4.0-1280544-5) ... update-initramfs: deferring update (trigger activated) update-rc.d: error: expected NN after start usage: update-rc.d [-n] [-f] remove -update-rc.d [-n] defaults [NN | SS KK] -update-rc.d [-n] start|stop NN runlvl [runlvl] [...] . -update-rc.d [-n] disable|enable [S|2|3|4|5] - -n: not really - -f: force + update-rc.d [-n] defaults [NN | SS KK] + update-rc.d [-n] start|stop NN runlvl [runlvl] [...] . + update-rc.d [-n] disable|enable [S|2|3|4|5] + -n: not really + -f: force The disable|enable API is not stable and might change in the future. dpkg: error processing package open-vm-tools (--configure): - subprocess installed post-installation script returned error exit status 1 + subprocess installed post-installation script returned error exit status 1 Processing triggers for initramfs-tools (0.103ubuntu3) ... update-initramfs: Generating /boot/initrd.img-3.13.0-4-generic Errors were encountered while processing: - open-vm-tools + open-vm-tools E: Sub-process /usr/bin/dpkg returned an error code (1) - upon googling, it looks like the installation script needs to be cleaned up so that this installs cleanly. - if this is not fixed, this could lead to issues with running 14.04 VMs - properly with VMware. + it looks like the following is the line(s) that need to be fixed. + + https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/open-vm- + tools/trusty/view/head:/debian/rules#L66 + + + see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651031 for a report of a similar bug for a different package. + + + + if this is not fixed, this could lead to issues with running 14.04 VMs properly with VMware. since this should be a pretty easy fix, i'm requesting that this be fixed prior to 14.04 release especially given 14.04 is LTS. thanks. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to open-vm-tools in Ubuntu. https://bugs.launchpad.net/bugs/1270503 Title: open-vm-tools install update-rc.d failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1270503/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1270503] [NEW] open-vm-tools install update-rc.d failure
Public bug reported: upgraded from 13.10 to test 14.04 using do-release-upgrade -d upon upgrade, it seems that the upgrade for open-vm-tools failed with the following message. Setting up open-vm-tools (2:9.4.0-1280544-5) ... update-initramfs: deferring update (trigger activated) update-rc.d: error: expected NN after start usage: update-rc.d [-n] [-f] remove update-rc.d [-n] defaults [NN | SS KK] update-rc.d [-n] start|stop NN runlvl [runlvl] [...] . update-rc.d [-n] disable|enable [S|2|3|4|5] -n: not really -f: force The disable|enable API is not stable and might change in the future. dpkg: error processing package open-vm-tools (--configure): subprocess installed post-installation script returned error exit status 1 Processing triggers for initramfs-tools (0.103ubuntu3) ... update-initramfs: Generating /boot/initrd.img-3.13.0-4-generic Errors were encountered while processing: open-vm-tools E: Sub-process /usr/bin/dpkg returned an error code (1) upon googling, it looks like the installation script needs to be cleaned up so that this installs cleanly. it looks like the following is the line(s) that need to be fixed. https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/open-vm- tools/trusty/view/head:/debian/rules#L66 see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651031 for a report of a similar bug for a different package. if this is not fixed, this could lead to issues with running 14.04 VMs properly with VMware. since this should be a pretty easy fix, i'm requesting that this be fixed prior to 14.04 release especially given 14.04 is LTS. thanks. ** Affects: open-vm-tools (Ubuntu) Importance: Undecided Status: New ** Tags: installation vmware -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to open-vm-tools in Ubuntu. https://bugs.launchpad.net/bugs/1270503 Title: open-vm-tools install update-rc.d failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1270503/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs