Bug 1281705 - Bad cipher 'blowfish'
Bad cipher 'blowfish'
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Jelen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-13 03:06 EST by Vratislav Podzimek
Modified: 2016-02-08 05:07 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-23 04:08:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vratislav Podzimek 2015-11-13 03:06:50 EST
Description of problem:
If I have the 'blowfish' cipher specified in my ~/.ssh/config file, I cannot ssh to any machine because ssh complains about it being a bad cipher (whatever that wording means).

Version-Release number of selected component (if applicable):
openssh-7.1p1-5.fc23.x86_64

How reproducible:
100%

Steps to Reproduce:
1. specify 'Cipher blowfish' for some of Host in ~/.ssh/config
2. try to ssh somewhere

Actual results:
line XY: Bad cipher 'blowfish'.

Expected results:
ssh login successful

Additional info:
'blowfish-cbc' works, but since people tend to use their ssh configs for years, I think ssh should do the change on its own internally and possibly just produce some warning.
Comment 1 Jakub Jelen 2015-12-11 09:24:59 EST
Sorry for a late answer. I missed this bug somehow.

If you check the manual page for ssh_config(5), you will read:

> Cipher   Specifies the cipher to use for encrypting the session in protocol version 1.

This explains it. This option has nothing to do in current setups and has no effect for protocol SSHv2.


From my opinion, it should rather yell about unsupported option, since SSHv1 is gone in version 7+. This is only thing we can fix. Maintaining compatible options for many years obsolete protocol is not a good idea.
Comment 2 Vratislav Podzimek 2016-02-08 05:07:41 EST
(In reply to Jakub Jelen from comment #1)
> Sorry for a late answer. I missed this bug somehow.
> 
> If you check the manual page for ssh_config(5), you will read:
> 
> > Cipher   Specifies the cipher to use for encrypting the session in protocol version 1.
> 
> This explains it. This option has nothing to do in current setups and has no
> effect for protocol SSHv2.
> 
> 
> From my opinion, it should rather yell about unsupported option, since SSHv1
> is gone in version 7+. This is only thing we can fix. Maintaining compatible
> options for many years obsolete protocol is not a good idea.

Fair enough, thanks for the explanation.

Note You need to log in before you can comment on or make changes to this bug.