[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
This bug was fixed in the package openssh - 1:8.2p1-4ubuntu0.7 --- openssh (1:8.2p1-4ubuntu0.7) focal; urgency=medium * d/p/lp2012298-upstream-fix-match-in-d-config.patch: Allow ssh_config.d/ configuration files to correctly update the PasswordAuthentication setting (LP: #2012298) -- Lena Voytek Mon, 03 Apr 2023 15:47:13 -0700 ** Changed in: openssh (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Released Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
Unblocking since the fix for (LP: #2012298) is now available ** Tags removed: block-proposed-focal verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
This popped up in triage as a stale bug, but looks like everything looks good here: openssh 1:8.2p1-4ubuntu0.6 is in focal-proposed, verification is done, migration is blocked by the block-proposed-focal tag (staged SRU). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
First of all, I have changed the SRU description in 'Test Plan' section a bit, to be more precisely. We could assume the fix didn't work if I would leave it as it did before. I've added information that we should look for the changes within the specific area in the manpage, so the steps are obvious now. Fix works, package 1:8.2p1-4ubuntu0.6 fixes the bug. I've created the focal container using steps from the [Test Plan] section listed above in the Bug Description and inside that container I typed in: $ apt policy openssh-server The output: Installed: 1:8.2p1-4ubuntu0.5 Candidate: 1:8.2p1-4ubuntu0.6 Version table: 1:8.2p1-4ubuntu0.6 500 500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages *** 1:8.2p1-4ubuntu0.5 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 100 /var/lib/dpkg/status 1:8.2p1-4ubuntu0.2 500 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 1:8.2p1-4 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages Then I have typed in: $ man sshd_config and $ man ssh_config I've noticed that nothing has changed there. So the problem still existed, because as we could see in the output, the package version was not the one where the fix is. Then I've upgraded both openssh-server and openssh-client using: $ apt install openssh-server=1:8.2p1-4ubuntu0.6 $ apt install openssh-client=1:8.2p1-4ubuntu0.6 Later I've typed in: $ apt policy openssh-server to check if installed version is changed and we see that we have new version installed (with fix) Installed: 1:8.2p1-4ubuntu0.6 Candidate: 1:8.2p1-4ubuntu0.6 Version table: *** 1:8.2p1-4ubuntu0.6 500 500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages 100 /var/lib/dpkg/status 1:8.2p1-4ubuntu0.5 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 1:8.2p1-4ubuntu0.2 500 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 1:8.2p1-4 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages Finally when I opened the manpage, typing: $ man ssh_config the problem did not exist, so the fix works. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Description changed: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: - $ lxc launch images:ubuntu/focal focal-test + $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal- proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch ubuntu:focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Description changed: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: - $ lxc launch images:ubuntu/bionic focal-test + $ lxc launch images:ubuntu/focal focal-test $ lxc shell focal-test - Simply install the openssh package using ‘apt install’ and check both - ssh_config.5 and sshd_config.5 files. + Simply install the openssh package using ‘apt install’ and check + ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. - 2. Type in man sshd_config. - 3. You should spot the ssh-rsa entries in the manpage. + 2. Type in man ssh_config and check that as well as the sshd_config. + 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. - 2. Type in man sshd_config. - 3. You shouldn't spot the ssh-rsa entries in the manpage. + 2. Type in man ssh_config and check that as well as the sshd_config. + 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal- proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/focal focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check ssh_config and sshd_config. Acutal results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You should spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. Expected results: 1. Create a container using steps from above. 2. Type in man ssh_config and check that as well as the sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage within the CASignatureAlgorithms section. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Description changed: [Impact] - The problem here is straightforward. - The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. + The problem here is straightforward. + The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal - Origin: + Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 - [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test - Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. - + Simply install the openssh package using ‘apt install’ and check both + ssh_config.5 and sshd_config.5 files. + Acutal results: + + 1. Create a container using steps from above. + 2. Type in man sshd_config. + 3. You should spot the ssh-rsa entries in the manpage. + + Expected results: + + 1. Create a container using steps from above. + 2. Type in man sshd_config. + 3. You shouldn't spot the ssh-rsa entries in the manpage. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. - [Other Info] - - Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. + Fixing this is nice for the users, but OTOH very low severity and would + cause a package download and update on almost every Ubuntu in the world. + Therefore we will mark this as block-proposed and keep it in focal- + proposed so that a later real update (security or functional) will pick + this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. Acutal results: 1. Create a container using steps from above. 2. Type in man sshd_config. 3. You should spot the ssh-rsa entries in the manpage. Expected results: 1. Create a container using steps from above. 2. Type in man sshd_config. 3. You shouldn't spot the ssh-rsa entries in the manpage. [Where problems could occur] Any code change
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
Retrigerred tests and no regressions now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
Hello iBug, or anyone else affected, Accepted openssh into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.6 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssh (Ubuntu Focal) Status: Triaged => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
> Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. Note that then the tag should be block-proposed-focal, not block- proposed. ** Tags removed: block-proposed ** Tags added: block-proposed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
With Michal: Marked block-proposed, added SRU content, re-reviewed and sponsored the upload to Focal-unapproved. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report--- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Description changed: + [Impact] + + The problem here is straightforward. + The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. + + Backport upstream fix to Focal + Origin: + https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 + + + [Test Plan] + + Make a container for testing: + + First option: + $ lxc launch images:ubuntu/bionic focal-test + $ lxc shell focal-test + + Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. + + + + [Where problems could occur] + + Any code change might change the behavior of the package in a specific + situation and cause other errors. + + Next things which might cause regression are new dependencies which + might not align and it is obvious the dependencies are upgraded and it + might be a problem, but it is really unlikely. + + Even none of the rather generic cases above does apply here as we only + change non-functional content in the form of the man page; Therefore the + only risk is out of re-building the package which could pick up + something from e.g. a changed toolchain. + + + [Other Info] + + + Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. + + original + report--- + The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms - Specifies which algorithms are allowed for signing of certificates - by certificate authorities (CAs). The default is: + Specifies which algorithms are allowed for signing of certificates + by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa - ssh(1) will not accept host certificates signed using algorithms - other than those specified. + ssh(1) will not accept host certificates signed using algorithms + other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. original report---
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Tags added: block-proposed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
MP in inner review for some days -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Merge proposal linked: https://code.launchpad.net/~michal-maloszewski99/ubuntu/+source/openssh/+git/openssh/+merge/427496 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Merge proposal linked: https://code.launchpad.net/~michal-maloszewski99/ubuntu/+source/openssh/+git/openssh/+merge/427492 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Merge proposal linked: https://code.launchpad.net/~michal-maloszewski99/ubuntu/+source/openssh/+git/openssh/+merge/427460 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Merge proposal linked: https://code.launchpad.net/~michal-maloszewski99/ubuntu/+source/openssh/+git/openssh/+merge/427455 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Merge proposal linked: https://code.launchpad.net/~michal-maloszewski99/ubuntu/+source/openssh/+git/openssh/+merge/427453 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
Both Hirsute and Impish are End of Life. So there is no possibility to fix these ones. Change will be SRUd to Focal for sure. ** Changed in: openssh (Ubuntu Hirsute) Status: Triaged => Won't Fix ** Changed in: openssh (Ubuntu Impish) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Changed in: openssh (Ubuntu Focal) Assignee: (unassigned) => Michał Małoszewski (michal-maloszewski99) ** Changed in: openssh (Ubuntu Hirsute) Assignee: (unassigned) => Michał Małoszewski (michal-maloszewski99) ** Changed in: openssh (Ubuntu Impish) Assignee: (unassigned) => Michał Małoszewski (michal-maloszewski99) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Triaged Status in openssh source package in Impish: Triaged Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Tags added: bitesize -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Triaged Status in openssh source package in Impish: Triaged Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
As the fix is in Jammy I think we can mark the devel task as Fix Released. I doubt this is SRU material as the impact of the bug is really low; maybe it could be done with a staged upload [1]. I'm marking the SRU tasks as Triaged as the bug is well understood. [1] https://wiki.ubuntu.com/StableReleaseUpdates#Staging_an_upload ** Changed in: openssh (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: openssh (Ubuntu Focal) Status: New => Triaged ** Changed in: openssh (Ubuntu Hirsute) Status: New => Triaged ** Changed in: openssh (Ubuntu Impish) Status: New => Triaged ** Changed in: openssh (Ubuntu Focal) Importance: Undecided => Wishlist ** Changed in: openssh (Ubuntu Hirsute) Importance: Undecided => Wishlist ** Changed in: openssh (Ubuntu Impish) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Triaged Status in openssh source package in Impish: Triaged Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
This has been fixed upstream, as shown in [1] and is available in jammy. [1] https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 ** Also affects: openssh (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Hirsute) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Focal: New Status in openssh source package in Hirsute: New Status in openssh source package in Impish: New Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Changed in: openssh (Ubuntu) Importance: Undecided => Low ** Changed in: openssh (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Triaged Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp