Bug 2095656

Summary: Unable login as root using passwords (crypto error)
Product: Red Hat Enterprise Linux 9 Reporter: Frank Büttner <bugzilla>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bstinson, jjelen, jwboyer
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-06-21 14:40:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Pictrure of the error log on the server.
none
The debug log on the client
none
Nmap scan of the server none

Description Frank Büttner 2022-06-10 06:51:33 UTC 
Created attachment 1888547 [details]
Pictrure of the error log on the server.

Description of problem:
After enable password log in (PermitRootLogin yes) the log in fails with an crypto error.

Version-Release number of selected component (if applicable):
openssh-server-8.7p1-7.el9

How reproducible:
Every time


Steps to Reproduce:
1. Enable "PermitRootLogin yes"
2. restart the service
3. try to login

Actual results:
The log in fails from an remote system. (See picture)



Expected results:
Working SSH connection.


Additional info:
Using an local login will work. (ssh root@localhost)
The remote system is using Fedora 35.
Comment 1 Frank Büttner 2022-06-10 06:52:03 UTC 
Created attachment 1888548 [details]
The debug log on the client
Comment 2 Frank Büttner 2022-06-10 06:53:09 UTC 
Created attachment 1888549 [details]
Nmap scan of the server
Comment 3 Jakub Jelen 2022-06-10 06:59:51 UTC 
I assume this is a client misconfiguration and duplicate of a bug #2088750. I think you have somwhere in the client configuration written HostkeyAlgorithms ssh-rsa, which is no longer supported in RHEL9.
Comment 4 Frank Büttner 2022-06-12 10:47:14 UTC 
Yes it was and missing cipher, but the error message is strange. Better will be an message like "Cipher error: requested foo available bar". Because the error only happens after enter the correct password. When using an wrong one, the error will not happens.
Comment 5 Dmitry Belyavskiy 2022-06-21 14:40:23 UTC 
I agree that the error message is weird. Hopefully we will improve the diagnostics, but I close the bug as a duplicate.

*** This bug has been marked as a duplicate of bug 2088750 ***