2967 – ssh client is advertising the server's algorithm lists

Bug 2967 - ssh client is advertising the server's algorithm lists

Summary: ssh client is advertising the server's algorithm lists

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	7.8p1
Hardware:	Other Linux

Importance:	P5 minor
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_8_0
	Show dependency tree / graph

Reported:	2019-02-11 08:10 AEDT by NUXI
Modified:	2021-03-04 09:51 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Fix SSH client algorithm advertisements. (1.31 KB, patch) 2019-02-11 08:10 AEDT, NUXI	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description NUXI 2019-02-11 08:10:00 AEDT

Created attachment 3242 [details]
Fix SSH client algorithm advertisements.

Commit 1b9dd4aa ("upstream: better diagnosics on alg list assembly errors") in OpenSSH 7.8p1 accidently changed the SSH client to use the server's algorithm lists instead of the client's. The only difference between the two lists is the inclusion of "diffie-hellman-group-exchange-sha1" in the client's list.

I've attached a patch to fix this.

Comment 1 Damien Miller 2019-02-22 14:31:13 AEDT

Ha, since nobody has complained I guess we can deprecate diffie-hellman-group-exchange-sha1

Comment 2 Damien Miller 2019-02-23 19:41:05 AEDT

I applied your patch and removed the diffie-hellman-group-exchange-sha1 KEX method from the client's list.

Comment 3 Damien Miller 2021-03-04 09:51:42 AEDT

close bugs that were resolved in OpenSSH 8.5 release cycle