Description of problem: While performing a system upgrade from 8.0 to 8.1, sshd.service dies repeatedly until yum post scriptlets run. During outage, we can see the following in the journal: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- Nov 14 13:35:49 vm-uefi8 systemd[1]: Starting OpenSSH server daemon... Nov 14 13:35:49 vm-uefi8 sshd[5926]: command-line: line 0: Bad configuration option: CASignatureAlgorithms Nov 14 13:35:49 vm-uefi8 systemd[1]: sshd.service: Main process exited, code=exited, status=1/FAILURE Nov 14 13:35:49 vm-uefi8 systemd[1]: sshd.service: Failed with result 'exit-code'. Nov 14 13:35:49 vm-uefi8 systemd[1]: Failed to start OpenSSH server daemon. -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- An attempt is done every 42 seconds, so this resolves after some time (depends on how many packages are to be upgraded) but it's anyway problematic for the end user. Version-Release number of selected component (if applicable): openssh-server-8.0p1-3.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Upgrade a RHEL8.0 system to 8.1 (had openssh-server-7.8p1-4.el8.x86_64 on RHEL8.0) Actual results: See above Expected results: No outage
I do not think there is any reasonable way to solve this. It might be something to note for future updates of openssh and crypto-policies i.e. do not do any updates of a similar kind where new configuration value is added to openssh and simultaneously used in new crypto-policies version.
I agree with Tomas. There is no simple way how to make the system working during the updates by making sure these the packages are updated close to each other. We do not plan any z-strean updates (and this will probably not qualify for one) which could fix this. I think the updates from 8.0 are not very common use case among our customers as many things were stabilizing up to 8.1. The good thing is that the systemd service autorestart solves this problem eventually. We certainly do not plan any big changes like this in future of RHEL8. I will keep this bug open as a landing page in case some other poeple manage to hit this issue, but I do not think there is anything we could do about that now.
Hi guys, Thanks for looking into this. Could you give the exact reasons why it fails (until scriptlet runs apparently)? I didn't find any obvious change in the configuration. I'll then document this. Renaud.
*** Bug 1774233 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1811