openssh bugs - Jul 2010 - [Bug 1801] New: cipher_spec section of ssh man page needs update

https://bugzilla.mindrot.org/show_bug.cgi?id=1801

           Summary: cipher_spec section of ssh man page needs update
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: matthewm at boedicker.org


The "-c cipher_sec" section says that 3des is still the default
cipher.
Also newer ciphers like aes and arcfour are not listed.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1801

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au>  ---
Quoting it in full:

" -c cipher_spec
    Selects the cipher specification for encrypting the session.

    Protocol version 1 allows specification of a single cipher.  The
    supported values are ``3des'', ``blowfish'', and
``des''.  3des
    (triple-des) is an encrypt-decrypt-encrypt triple with three
    different keys.  It is believed to be secure.  blowfish is a fast
    block cipher; it appears very secure and is much faster than
    3des.  des is only supported in the ssh client for
    interoperability with legacy protocol 1 implementations that do
    not support the 3des cipher.  Its use is strongly discouraged due
    to cryptographic weaknesses.  The default is ``3des''.

    For protocol version 2, cipher_spec is a comma-separated list of
    ciphers listed in order of preference.  See the Ciphers keyword
    for more information."

There's 2 paragraphs: the first describes version 1 of the protocol for
which the default *is* 3des.  The default cipher list for protocol 2
list listed in ssh_config(5):

"Ciphers
   Specifies the ciphers allowed for protocol version 2 in order of
   preference.  Multiple ciphers must be comma-separated.  The sup-
   ported ciphers are "3des-cbc", "aes128-cbc",
"aes192-cbc",
   "aes256-cbc", "aes128-ctr", "aes192-ctr",
"aes256-ctr",
   "arcfour128", "arcfour256", "arcfour",
"blowfish-cbc", and
   "cast128-cbc".  The default is:

   aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
   aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
   aes256-cbc,arcfour"

The reference in ssh(1) should be a reference to ssh_config(5) though.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1801

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
Darren has updated ssh(1):

revision 1.307
date: 2010/07/23 08:49:25;  author: dtucker;  state: Exp;  lines: +5 -3
Ciphers is documented in ssh_config(5) these days

This was released in OpenSSH 5.6

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1801

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Darren Tucker <dtucker at zip.com.au>  ---
With the release of OpenSSH 5.6p1 this bug is now considered closed. 
If you have further problems please reopen or file a new bug as
appropriate.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.