Hello, apache-sshd-0.7.0 supports only cbc ciphers, attempting to connect ctr enabled host results in: --- fatal: no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr --- Please consider upgrading apache-sshd to at least 0.8.0, packaging is the same as far as I can see. Thanks! --- Ciphers used in Apache sshd-core 0.7.0 == avail.add(new AES128CBC.Factory()); avail.add(new TripleDESCBC.Factory()); avail.add(new BlowfishCBC.Factory()); avail.add(new AES192CBC.Factory()); avail.add(new AES256CBC.Factory()); == Ciphers used in Apache sshd-core 0.8.0 == //Newly added after a security bug fix avail.add(new AES128CTR.Factory()); avail.add(new AES256CTR.Factory()); avail.add(new ARCFOUR128.Factory()); avail.add(new ARCFOUR256.Factory()); avail.add(new AES128CBC.Factory()); avail.add(new TripleDESCBC.Factory()); avail.add(new BlowfishCBC.Factory()); avail.add(new AES192CBC.Factory()); avail.add(new AES256CBC.Factory()); ==
apache-sshd-0.9.0-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/apache-sshd-0.9.0-2.fc20
Package apache-sshd-0.9.0-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing apache-sshd-0.9.0-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-18027/apache-sshd-0.9.0-2.fc20 then log in and leave karma (feedback).
apache-sshd-0.9.0-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Hello Guys, There is an issue in apache-sshd-0.9.0[1], which breaks ovirt-engine[2]. Upstream is not responding and looking at the diff between 0.8.0->0.9.0 I cannot find trivial zone to investigate, so we need to downgrade to 0.8.0 for now. What is the procedure? Thanks! [1] https://issues.apache.org/jira/browse/SSHD-258 [2] bug#1021273.
(In reply to Alon Bar-Lev from comment #4) > Hello Guys, > > There is an issue in apache-sshd-0.9.0[1], which breaks ovirt-engine[2]. > > Upstream is not responding and looking at the diff between 0.8.0->0.9.0 I > cannot find trivial zone to investigate, so we need to downgrade to 0.8.0 > for now. What is the procedure? > > Thanks! > > [1] https://issues.apache.org/jira/browse/SSHD-258 > [2] bug#1021273. Hi Juan, I had the same issue and cannot register ovirt-node-iso-3.0.2-1.0.0.vdsm.fc19.iso to ovirt-engine-3.3.1-2.fc19.noarch always receive "Unexpected connection termination". apache-sshd-0.9.0-2.fc19.noarch openssh-server-6.2p2-6.fc19.x86_64 openssh-clients-6.2p2-6.fc19.x86_64 openssh-6.2p2-6.fc19.x86_64 Downgrading to: apache-sshd.noarch 0:0.7.0-3.fc19 resolves the problem.
While upstream solves the issue you can solve this in ovirt-engine as follows: diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index f0c496e..59fb2fa 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -184,7 +184,6 @@ Requires: yum-plugin-versionlock Requires: apache-commons-compress Requires: apache-commons-configuration Requires: apache-commons-jxpath -Requires: apache-sshd Requires: jakarta-commons-httpclient Requires: objectweb-asm Requires: openstack-java-client >= %{openstack_java_version} @@ -597,7 +596,6 @@ org/apache/commons/configuration/main/commons-configuration.jar commons-configur org/apache/commons/httpclient/main/commons-httpclient.jar org/apache/commons/jxpath/main/commons-jxpath.jar commons-jxpath.jar org/apache/mina/main/mina-core.jar apache-mina/mina-core.jar -org/apache/sshd/main/sshd-core.jar apache-sshd/sshd-core.jar org/apache/xmlrpc/main/xmlrpc-client.jar org/apache/xmlrpc/main/xmlrpc-common.jar org/postgresql/main/postgresql.jar postgresql-jdbc.jar
I'm closing this bug as it was about upgrading to the at least 0.8.0, and that is done. Open a new bug for the new issue if required.
I am not sure I understand why fedora cannot downgrade broken package caused due to this bug within the same bug domain.