ovirt-engine is building on apache-sshd 0.12.0 and suing system provided version which for FEdora >=25 means 0.14.0. Please rebase the code on 0.14.0. We'd like to package apache-sshd 0.14.0 for CentOS / RHEL as well (see bug #1441525)
We are going to upgrade to latest stable apache-sshd 1.2.0 in 4.2, there's no reason to stay with no longer supported version. But it will take some time as API is quite different
(In reply to Martin Perina from comment #1) > We are going to upgrade to latest stable apache-sshd 1.2.0 in 4.2, there's > no reason to stay with no longer supported version. But it will take some > time as API is quite different Please note 1.2.0 isn't in RHEL and won't land in Fedora soon, see https://bugzilla.redhat.com/show_bug.cgi?id=1441525#c3 That said, up to you :-)
(In reply to Sandro Bonazzola from comment #2) > (In reply to Martin Perina from comment #1) > > We are going to upgrade to latest stable apache-sshd 1.2.0 in 4.2, there's > > no reason to stay with no longer supported version. But it will take some > > time as API is quite different > > Please note 1.2.0 isn't in RHEL and won't land in Fedora soon, see > https://bugzilla.redhat.com/show_bug.cgi?id=1441525#c3 > That said, up to you :-) OK, but I think we need those new enhancements in 1.2.0 especially around newly supported ciphers, so this will stay in rhevm-dependencies
Just a note 1.4.0 is out: https://release-monitoring.org/project/15120/
raising priority due to our will to approach security standards better.
2.0.0 has been released meanwhile
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.