** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1499392
Title: OpenSSH Security and SHA1 Status in openssh package in Ubuntu: New Bug description: We should enhance Security by disabling SHA1 or, if not possible (older Clients) by changing the KexAlgorithms, Ciphers and MACs order. For e.g. by : 1. If we add Support for older Clients we should change this: #### OpenSSH Security #### KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com 2. If we just Support new Clients we should change this : [...] HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key [...] #### OpenSSH Security #### KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-...@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-...@openssh.com For more Information about my report go here: https://github.com/scaleway/image-ubuntu/pull/35 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1499392/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
