[Bug 2527] New: default algorithms mismatch between man pages and myproposal.h

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 19 18:49:11 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2527

            Bug ID: 2527
           Summary: default algorithms mismatch between man pages and
                    myproposal.h
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: i at f2light.com

DEFAULT ALGORITHMs in man pages of ssh_config(5) and sshd_config(5)
differ with what openssh actually take.

NOTE: the following diff-style sections have the last algorithm ends
with ",". It's only for getting pretty diff result.

KEX_SERVER_MAC: sshd_config(5) didn't tell me hmac-sha1-etm at openssh.com
and hman-sha1 is taken by default.

  --- DOCUMENT_SERVER_MAC
  +++ CODE_SERVER_MAC

   umac-64-etm at openssh.com,
   umac-128-etm at openssh.com,
   hmac-sha2-256-etm at openssh.com,
   hmac-sha2-512-etm at openssh.com,
  +hmac-sha1-etm at openssh.com,
   umac-64 at openssh.com,
   umac-128 at openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
  +hmac-sha1,

KEX_CLIENT_ENCRYPT: rijndael-cbc at lysator.liu.se is missing in
ssh_config(5).

  --- DOCUMENT_CLIENT_ENCRYPT
  +++ CODE_CLIENT_ENCRYPT

   chacha20-poly1305 at openssh.com,
   aes128-ctr,
   aes192-ctr,
   aes256-ctr,
   aes128-gcm at openssh.com,
   aes256-gcm at openssh.com,
   arcfour256,
   arcfour128,
   aes128-cbc,
   3des-cbc,
   blowfish-cbc,
   cast128-cbc,
   aes192-cbc,
   aes256-cbc,
   arcfour,
  +rijndael-cbc at lysator.liu.se,

KEX_CLIENT_MAC: hmac-sha1 series has higher priority than them in
ssh_config(5), and hmac-ripemd160 at openssh.com is removed. (Probably
it's just an alias to hmac-ripemd160?)

  --- DOCUMENT_CLIENT_MAC
  +++ CODE_CLIENT_MAC

   umac-64-etm at openssh.com,
   umac-128-etm at openssh.com,
   hmac-sha2-256-etm at openssh.com,
   hmac-sha2-512-etm at openssh.com,
   +hmac-sha1-etm at openssh.com,
   umac-64 at openssh.com,
   umac-128 at openssh.com,
   hmac-sha2-256,
   hmac-sha2-512,
   +hmac-sha1,
   hmac-md5-etm at openssh.com,
   -hmac-sha1-etm at openssh.com,
   hmac-ripemd160-etm at openssh.com,
   hmac-sha1-96-etm at openssh.com,
   hmac-md5-96-etm at openssh.com,
   hmac-md5,
   -hmac-sha1,
   hmac-ripemd160,
   -hmac-ripemd160 at openssh.com,
   hmac-sha1-96,
   hmac-md5-96,

P.S.: KEX_SERVER_KEX, KEX_CLIENT_KEX, KEX_DEFAULT_PK_ALG,
KEX_SERVER_ENCRYPT are correct.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list