php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68555 support for SSH2 ciphers dropped in newer OpenSSH
Submitted: 2014-12-05 21:24 UTC Modified: 2014-12-06 05:32 UTC
From: alex at sirensclef dot com Assigned: pollita (profile)
Status: Closed Package: ssh2 (PECL)
PHP Version: Irrelevant OS: CentOS
Private report: No CVE-ID: None
 [2014-12-05 21:24 UTC] alex at sirensclef dot com
Description:
------------
Someone pointed me to a post here: https://bbs.archlinux.org/viewtopic.php?id=188613 which notes that support for several ciphers were dropped in openssh-6.7p1-1. Unfortunately this list includes the very ones that SSH2 claims to support here: http://php.net/manual/en/function.ssh2-connect.php

It appears that upgrading server A to this version of openssh causes the ssh2 extension on server B to lose access. I tried specifying one of the new ciphers in my ssh2_connect() on server B but it didn't work.

Presumably you can add back support for one of the older ciphers to server A (after accepting the security risk). But when you're dealing with a lot of remote servers, including ones you have no control over, this could be a major headache.

Can the SSH2 extension be updated to add support for the newer ciphers instead, perhaps?


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-06 05:32 UTC] pollita@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pollita
 [2014-12-06 05:32 UTC] pollita@php.net
This bug should be filed with the libssh2 library, not the PHP extension which wraps libssh2.

The extension can only support those ciphers supported by the library.
 [2014-12-06 13:42 UTC] alex at sirensclef dot com
Maybe the docs should be updated then? They list a fixed set of supported ciphers, rather than noting that the extension inherits the supported libssh2 ciphers which is why I directed this here.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC