Bug 1838159

Summary: [RFE] Upgrade apache-sshd to 2.5.0 to allow RSA-SHA256 and RSA-SHA512 public keys
Product: [oVirt] ovirt-engine Reporter: Martin Perina <mperina>
Component: Backend.CoreAssignee: Martin Perina <mperina>
Status: CLOSED CURRENTRELEASE QA Contact: Pavol Brilla <pbrilla>
Severity: medium Docs Contact:
Priority: high    
Version: 4.3.0CC: bugs, lleistne, mtessun, pelauter, rdlugyhe
Target Milestone: ovirt-4.4.1Keywords: FutureFeature
Target Release: 4.4.1.5Flags: pm-rhel: ovirt-4.4+
mtessun: blocker+
mtessun: planning_ack+
mperina: devel_ack+
lleistne: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.4.1.5 Doc Type: Release Note
Doc Text:
With this release, you can add hosts to RHV Manager that do not provide standard rsa-sha-1 SSH public keys but only provide rsa-sha256/rsa-sha-512 SSH public keys instead, such as CentOS 8 hosts with FIPS hardening enabled.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-05 06:25:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Perina 2020-05-20 14:45:23 UTC 
Upgrade apache-sshd to 2.4.0 to allow RSA-SHA256 and RSA-SHA512 public keys, which is required to connect to EL8 host with FIPS security hardening enabled
Comment 1 Martin Perina 2020-06-09 08:00:40 UTC 
apache-sshd-2.4.0 has a bug which prevents using ssh-rsa-2, but it's already fixed on current master. New release 2.5.0, should come soon
Comment 5 Sandro Bonazzola 2020-08-05 06:25:24 UTC 
This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.