PHP :: Bug #68555 :: support for SSH2 ciphers dropped in newer OpenSSH

Bug #68555	support for SSH2 ciphers dropped in newer OpenSSH
Submitted:	2014-12-05 21:24 UTC	Modified:	2014-12-06 05:32 UTC
From:	alex at sirensclef dot com	Assigned:	pollita (profile)
Status:	Closed	Package:	ssh2 (PECL)
PHP Version:	Irrelevant	OS:	CentOS
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	alex at sirensclef dot com
New email:
PHP Version:		OS:

New Comment:

[2014-12-05 21:24 UTC] alex at sirensclef dot com

Description:
------------
Someone pointed me to a post here: https://bbs.archlinux.org/viewtopic.php?id=188613 which notes that support for several ciphers were dropped in openssh-6.7p1-1. Unfortunately this list includes the very ones that SSH2 claims to support here: http://php.net/manual/en/function.ssh2-connect.php

It appears that upgrading server A to this version of openssh causes the ssh2 extension on server B to lose access. I tried specifying one of the new ciphers in my ssh2_connect() on server B but it didn't work.

Presumably you can add back support for one of the older ciphers to server A (after accepting the security risk). But when you're dealing with a lot of remote servers, including ones you have no control over, this could be a major headache.

Can the SSH2 extension be updated to add support for the newer ciphers instead, perhaps?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-12-06 05:32 UTC] pollita@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: pollita

[2014-12-06 05:32 UTC] pollita@php.net

This bug should be filed with the libssh2 library, not the PHP extension which wraps libssh2.

The extension can only support those ciphers supported by the library.

[2014-12-06 13:42 UTC] alex at sirensclef dot com

Maybe the docs should be updated then? They list a fixed set of supported ciphers, rather than noting that the extension inherits the supported libssh2 ciphers which is why I directed this here.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC