Hello Eldin, you're right that it is time to begin migrating away from SHA-1 in default OpenSSH configurations. However, there is some historical baggage in parts of the Launchpad infrastructure that prevented upgrading algorithms earlier. (Strictly speaking, the defaults aren't tied to Launchpad, but a configuration that doesn't allow developers to work out of the box is less than ideal.)

Some related bugs that might help explain the situation:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445620
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445624
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1445625

A site with many general guidelines that may influence more than just default keysize and hash selections:

https://stribika.github.io/2015/01/04/secure-secure-shell.html

And, of course, whatever we select should be tested against Cisco gear, since there's always a bug or two with every OpenSSH configuration change that prevents people from logging into or using Cisco equipment.

Colin, is it feasible to start making algorithm changes yet?

Thanks

** Changed in: openssh (Ubuntu)
   Status: New => Confirmed

https://bugs.launchpad.net/bugs/1499392

Title: OpenSSH Security and SHA1