openssh bugs - Feb 2019 - [Bug 2967] New: ssh client is advertising the server's algorithm lists

https://bugzilla.mindrot.org/show_bug.cgi?id=2967

            Bug ID: 2967
           Summary: ssh client is advertising the server's algorithm lists
           Product: Portable OpenSSH
           Version: 7.8p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nuxi at vault24.org

Created attachment 3242
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3242&action=edit
Fix SSH client algorithm advertisements.

Commit 1b9dd4aa ("upstream: better diagnosics on alg list assembly
errors") in OpenSSH 7.8p1 accidently changed the SSH client to use the
server's algorithm lists instead of the client's. The only difference
between the two lists is the inclusion of
"diffie-hellman-group-exchange-sha1" in the client's list.

I've attached a patch to fix this.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2967

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Ha, since nobody has complained I guess we can deprecate
diffie-hellman-group-exchange-sha1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2967

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2915


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2915
[Bug 2915] Tracking bug for 8.0 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2967

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I applied your patch and removed the diffie-hellman-group-exchange-sha1
KEX method from the client's list.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2967

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.