Bug 1013333
| Summary: | Upgrade request: apache-sshd-0.8.0 - support ctr algorithms | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alon Bar-Lev <alonbl> |
| Component: | apache-sshd | Assignee: | Juan Hernández <juan.hernandez> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | bazulay, danken, dougsland, fdeutsch, iheim, juan.hernandez, puntogil |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | apache-sshd-0.9.0-2.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-22 11:48:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1007133, 1021273 | ||
apache-sshd-0.9.0-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/apache-sshd-0.9.0-2.fc20

Package apache-sshd-0.9.0-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.

Update it with:

    # su -c 'yum update --enablerepo=updates-testing apache-sshd-0.9.0-2.fc20'

as soon as you are able to.

Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-18027/apache-sshd-0.9.0-2.fc20
then log in and leave karma (feedback).

apache-sshd-0.9.0-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

Hello Guys,

There is an issue in apache-sshd-0.9.0[1], which breaks ovirt-engine[2].

Upstream is not responding and looking at the diff between 0.8.0->0.9.0 I cannot find trivial zone to investigate, so we need to downgrade to 0.8.0 for now. What is the procedure?

Thanks!

[1] https://issues.apache.org/jira/browse/SSHD-258
[2] bug#1021273.

(In reply to Alon Bar-Lev from comment #4)
> Hello Guys,
>
> There is an issue in apache-sshd-0.9.0[1], which breaks ovirt-engine[2].
>
> Upstream is not responding and looking at the diff between 0.8.0->0.9.0 I
> cannot find trivial zone to investigate, so we need to downgrade to 0.8.0
> for now. What is the procedure?
>
> Thanks!
>
> [1] https://issues.apache.org/jira/browse/SSHD-258
> [2] bug#1021273.

Hi Juan,

I had the same issue and cannot register ovirt-node-iso-3.0.2-1.0.0.vdsm.fc19.iso to ovirt-engine-3.3.1-2.fc19.noarch always receive "Unexpected connection termination".

    apache-sshd-0.9.0-2.fc19.noarch
    openssh-server-6.2p2-6.fc19.x86_64
    openssh-clients-6.2p2-6.fc19.x86_64
    openssh-6.2p2-6.fc19.x86_64

Downgrading to:

    apache-sshd.noarch 0:0.7.0-3.fc19

resolves the problem.

While upstream solves the issue you can solve this in ovirt-engine as follows:
diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in
index f0c496e..59fb2fa 100644
--- a/ovirt-engine.spec.in
+++ b/ovirt-engine.spec.in
@@ -184,7 +184,6 @@ Requires: yum-plugin-versionlock
Requires: apache-commons-compress
Requires: apache-commons-configuration
Requires: apache-commons-jxpath
-Requires: apache-sshd
Requires: jakarta-commons-httpclient
Requires: objectweb-asm
Requires: openstack-java-client >= %{openstack_java_version}
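Review bot: Removing `Requires: apache-sshd` outright, with no comment and no replacement in this hunk, leaves the spec with no record of why the engine stopped depending on the system package or of the condition for restoring it. Add a spec comment next to the removed line that names SSHD-258 and the affected version (0.9.0), so the dependency is reinstated once upstream fixes the regression. If the goal is only to avoid 0.9.0, a versioned requirement in the same style as `Requires: openstack-java-client >= %{openstack_java_version}` would keep the package under distribution updates instead of dropping it.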
@@ -597,7 +596,6 @@ org/apache/commons/configuration/main/commons-configuration.jar commons-configur
org/apache/commons/httpclient/main/commons-httpclient.jar
org/apache/commons/jxpath/main/commons-jxpath.jar commons-jxpath.jar
org/apache/mina/main/mina-core.jar apache-mina/mina-core.jar
-org/apache/sshd/main/sshd-core.jar apache-sshd/sshd-core.jar
org/apache/xmlrpc/main/xmlrpc-client.jar
org/apache/xmlrpc/main/xmlrpc-common.jar
org/postgresql/main/postgresql.jar postgresql-jdbc.jar
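Review bot: Once the `org/apache/sshd/main/sshd-core.jar apache-sshd/sshd-core.jar` mapping is removed, nothing in the visible lines shows what supplies sshd-core.jar to that module, so the change cannot be checked for completeness from this hunk alone. If the jar is now taken from a private copy, say so in the commit message and note that it will no longer receive fixes delivered through the apache-sshd package. The unchanged `org/apache/mina/main/mina-core.jar apache-mina/mina-core.jar` line still points at the system jar, so whichever sshd-core ends up being loaded runs against the distribution's mina-core; state which combination was tested.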
I'm closing this bug as it was about upgrading to at least 0.8.0, and that is done. Open a new bug for the new issue if required.

I am not sure I understand why Fedora cannot downgrade broken package caused due to this bug within the same bug domain.
Hello,

apache-sshd-0.7.0 supports only cbc ciphers, attempting to connect ctr enabled host results in:

---
fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr
---

Please consider upgrading apache-sshd to at least 0.8.0, packaging is the same as far as I can see.

Thanks!

---

Ciphers used in Apache sshd-core 0.7.0

==
avail.add(new AES128CBC.Factory());
avail.add(new TripleDESCBC.Factory());
avail.add(new BlowfishCBC.Factory());
avail.add(new AES192CBC.Factory());
avail.add(new AES256CBC.Factory());
==

Ciphers used in Apache sshd-core 0.8.0

==
//Newly added after a security bug fix
avail.add(new AES128CTR.Factory());
avail.add(new AES256CTR.Factory());
avail.add(new ARCFOUR128.Factory());
avail.add(new ARCFOUR256.Factory());
avail.add(new AES128CBC.Factory());
avail.add(new TripleDESCBC.Factory());
avail.add(new BlowfishCBC.Factory());
avail.add(new AES192CBC.Factory());
avail.add(new AES256CBC.Factory());
==
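The negotiation failure in this report can be reproduced offline. The following is an added example, not code from the bug report or from Apache SSHD: it parses the logged `fatal:` line and applies the SSH cipher selection rule (RFC 4253 section 7.1) to the two factory lists quoted above. The function names are hypothetical, and the CTR and arcfour wire names are the standard SSH names, assumed to be what those factories advertise.

```python
import re

# Client cipher lists in preference order, transcribed from the factory lists
# quoted in the report. The CBC names match the "client ..." list in the error;
# the CTR/arcfour names are the standard SSH names (assumption).
SSHD_0_7_0 = ["aes128-cbc", "3des-cbc", "blowfish-cbc", "aes192-cbc", "aes256-cbc"]
SSHD_0_8_0 = ["aes128-ctr", "aes256-ctr", "arcfour128", "arcfour256"] + SSHD_0_7_0

# The server-side error line exactly as quoted in the report.
LOG_LINE = ("fatal: no matching cipher found: client "
            "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc "
            "server aes128-ctr,aes192-ctr,aes256-ctr")

FATAL_RE = re.compile(
    r"no matching cipher found: client (?P<client>\S+) server (?P<server>\S+)")


def parse_fatal(line):
    """Return (client_list, server_list) from a cipher-mismatch line, else None."""
    m = FATAL_RE.search(line)
    if m is None:
        return None
    return m["client"].split(","), m["server"].split(",")


def negotiate(client, server):
    """RFC 4253 7.1: the first name on the client's list that the server also offers."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def diagnose(line, candidate_clients):
    """For a logged failure, show which candidate client lists would negotiate."""
    parsed = parse_fatal(line)
    if parsed is None:
        raise ValueError("not a cipher negotiation failure line")
    logged_client, server = parsed
    report = {"logged": negotiate(logged_client, server)}
    for label, ciphers in candidate_clients.items():
        report[label] = negotiate(ciphers, server)
    return report


if __name__ == "__main__":
    candidates = {"sshd-core 0.7.0": SSHD_0_7_0, "sshd-core 0.8.0": SSHD_0_8_0}
    for label, chosen in diagnose(LOG_LINE, candidates).items():
        print(f"{label:16} -> {chosen or 'NO COMMON CIPHER'}")
```

The 0.8.0 list as quoted has no AES192CTR entry, so a server restricted to `aes192-ctr` alone would still fail to negotiate.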