Bug 2527 - default algorithms mismatch between man pages and myproposal.h
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Documentation
Version: 7.1p1
Hardware: All All
Importance: P5 major
Assignee: Assigned to nobody
Blocks: V_7_2
Reported: 2016-01-19 18:49 AEDT by Xiami
Modified: 2016-08-02 10:41 AEST

Description Xiami 2016-01-19 18:49:11 AEDT
DEFAULT ALGORITHMs in man pages of ssh_config(5) and sshd_config(5) differ from what openssh actually takes.

NOTE: the following diff-style sections have the last algorithm end with ",". It's only for getting a pretty diff result.

KEX_SERVER_MAC: sshd_config(5) didn't tell me hmac-sha1-etm@openssh.com and hmac-sha1 are taken by default.

  --- DOCUMENT_SERVER_MAC
  +++ CODE_SERVER_MAC

   umac-64-etm@openssh.com,
   umac-128-etm@openssh.com,
   hmac-sha2-256-etm@openssh.com,
   hmac-sha2-512-etm@openssh.com,
  +hmac-sha1-etm@openssh.com,
   umac-64@openssh.com,
   umac-128@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
  +hmac-sha1,

KEX_CLIENT_ENCRYPT: rijndael-cbc@lysator.liu.se is missing in ssh_config(5).

  --- DOCUMENT_CLIENT_ENCRYPT
  +++ CODE_CLIENT_ENCRYPT

   chacha20-poly1305@openssh.com,
   aes128-ctr,
   aes192-ctr,
   aes256-ctr,
   aes128-gcm@openssh.com,
   aes256-gcm@openssh.com,
   arcfour256,
   arcfour128,
   aes128-cbc,
   3des-cbc,
   blowfish-cbc,
   cast128-cbc,
   aes192-cbc,
   aes256-cbc,
   arcfour,
  +rijndael-cbc@lysator.liu.se,

KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in ssh_config(5), and hmac-ripemd160@openssh.com is removed. (Probably it's just an alias to hmac-ripemd160?)

  --- DOCUMENT_CLIENT_MAC
  +++ CODE_CLIENT_MAC

   umac-64-etm@openssh.com,
   umac-128-etm@openssh.com,
   hmac-sha2-256-etm@openssh.com,
   hmac-sha2-512-etm@openssh.com,
   +hmac-sha1-etm@openssh.com,
   umac-64@openssh.com,
   umac-128@openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
   +hmac-sha1,
   hmac-md5-etm@openssh.com,
   -hmac-sha1-etm@openssh.com,
   hmac-ripemd160-etm@openssh.com,
   hmac-sha1-96-etm@openssh.com,
   hmac-md5-96-etm@openssh.com,
   hmac-md5,
   -hmac-sha1,
   hmac-ripemd160,
   -hmac-ripemd160@openssh.com,
   hmac-sha1-96,
   hmac-md5-96,

P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG, KEX_SERVER_ENCRYPT are correct.
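
The comparison the report performs by hand, as an added example (not part of the original report and not OpenSSH code): it takes a documented list and the list compiled into the code, here the KEX_CLIENT_MAC pair transcribed from the diff above, and separates entries missing from the man page, entries only in the man page, and shared entries whose preference order changed. The function names and result keys are hypothetical.

```python
# Lists transcribed from the KEX_CLIENT_MAC comparison in the report above.
DOC_CLIENT_MAC = """
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,
hmac-sha2-512,hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96,
"""
CODE_CLIENT_MAC = """
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,
hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,
umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
"""

def parse(listing):
    """Split a comma- or newline-separated algorithm list; tolerates a trailing comma."""
    return [a.strip() for a in listing.replace("\n", ",").split(",") if a.strip()]

def lcs(a, b):
    """Longest common subsequence of two lists (suffix table, then forward walk)."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) - 1, -1, -1):
        for j in range(len(b) - 1, -1, -1):
            rows[i][j] = (rows[i + 1][j + 1] + 1 if a[i] == b[j]
                          else max(rows[i + 1][j], rows[i][j + 1]))
    out, i, j = [], 0, 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            out.append(a[i])
            i, j = i + 1, j + 1
        elif rows[i + 1][j] >= rows[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def compare(documented, actual):
    """Classify differences between the documented list and the list in the code."""
    doc, act = parse(documented), parse(actual)
    # Shared entries outside the LCS are the ones whose relative priority moved.
    kept = set(lcs([a for a in doc if a in act], [a for a in act if a in doc]))
    return {
        "undocumented": [a for a in act if a not in doc],
        "stale": [a for a in doc if a not in act],
        "reordered": [a for a in act if a in doc and a not in kept],
    }
```

`compare(DOC_CLIENT_MAC, CODE_CLIENT_MAC)` reports the two hmac-sha1 entries as reordered and hmac-ripemd160@openssh.com as documented but absent from the code, matching the third diff in the report.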
Comment 1 Damien Miller 2016-02-11 13:57:13 AEDT
Thanks, there were a couple more changes since we introduced RSA/SHA2
Comment 2 Damien Miller 2016-08-02 10:41:20 AEST
Close all resolved bugs after 7.3p1 release