2013-09-11 21:40:12 EDT Due to older version , SSHClient used in oVirt uses only CBC ciphers. Version used in rhevm backend == pom.xml: <sshd-core.version>0.7.0</sshd-core.version> == Ciphers used in Apache sshd-core 0.7.0 == avail.add(new AES128CBC.Factory()); avail.add(new TripleDESCBC.Factory()); avail.add(new BlowfishCBC.Factory()); avail.add(new AES192CBC.Factory()); avail.add(new AES256CBC.Factory()); == Ciphers used in Apache sshd-core 0.8.0 == //Newly added after a security bug fix avail.add(new AES128CTR.Factory()); avail.add(new AES256CTR.Factory()); avail.add(new ARCFOUR128.Factory()); avail.add(new ARCFOUR256.Factory()); avail.add(new AES128CBC.Factory()); avail.add(new TripleDESCBC.Factory()); avail.add(new BlowfishCBC.Factory()); avail.add(new AES192CBC.Factory()); avail.add(new AES256CBC.Factory()); == Only sshd-core-0.11.0 which was just released passes all our tests.
Same as d/s - BZ1007133 thus OK.
oVirt 3.5 has been released and should include the fix for this issue.