[Bug 2038561] [NEW] Requesting Ubuntu package manager to release openssh updates to focal and jammy

Prashanth Suvarna 2038561 at bugs.launchpad.net
Thu Oct 5 17:24:47 UTC 2023 

Public bug reported:

We're are unable to test OpenSSL 3.1 versions on Ubuntu 22.04 and 20.04
machines because the machine gets bricked and loses SSH after
installation of OpenSSL 3.1.2.

This is because SSHD gets restarted when OpenSSL 3.1 gets installed. But
it fails to come up and we lose SSH access to the box.

Debug logging on SSHD shows the below error when it tries to start : 
OpenSSL version mismatch. Built against 30000020, you have 30100020

After researching in online forums, it appears that this is an OpenSSH bug and it's been fixed in version 9.4p1 and 9.5p1 via this fix : 
https://github.com/openssh/openssh-portable/commit/b7afd8a4ecaca8afd3179b55e9db79c0ff210237

However, it appears that only 8.9p1 version of openssh-client and
openssh-server are available in Ubuntu packages.

Requesting you to please release openssh versions 9.4p1 or 9.5p1 on
Jammy and Focal which will help us move past this bug and start testing
OpenSSL 3.1 for our use cases.


Additional information about our environment:
$ lsb_release -rd
Description:	Ubuntu 22.04.3 LTS
Release:	22.04

$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.9p1-3ubuntu0.4
  Candidate: 1:8.9p1-3ubuntu0.4
  Version table:
 *** 1:8.9p1-3ubuntu0.4 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:8.9p1-3ubuntu0.3 500
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     1:8.9p1-3 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2038561

Title:
  Requesting Ubuntu package manager to release openssh updates to focal
  and jammy

Status in openssh package in Ubuntu:
  New

Bug description:
  We're are unable to test OpenSSL 3.1 versions on Ubuntu 22.04 and
  20.04 machines because the machine gets bricked and loses SSH after
  installation of OpenSSL 3.1.2.

  This is because SSHD gets restarted when OpenSSL 3.1 gets installed.
  But it fails to come up and we lose SSH access to the box.

  Debug logging on SSHD shows the below error when it tries to start : 
  OpenSSL version mismatch. Built against 30000020, you have 30100020

  After researching in online forums, it appears that this is an OpenSSH bug and it's been fixed in version 9.4p1 and 9.5p1 via this fix : 
  https://github.com/openssh/openssh-portable/commit/b7afd8a4ecaca8afd3179b55e9db79c0ff210237

  However, it appears that only 8.9p1 version of openssh-client and
  openssh-server are available in Ubuntu packages.

  Requesting you to please release openssh versions 9.4p1 or 9.5p1 on
  Jammy and Focal which will help us move past this bug and start
  testing OpenSSL 3.1 for our use cases.

  
  Additional information about our environment:
  $ lsb_release -rd
  Description:	Ubuntu 22.04.3 LTS
  Release:	22.04

  $ apt-cache policy openssh-server
  openssh-server:
    Installed: 1:8.9p1-3ubuntu0.4
    Candidate: 1:8.9p1-3ubuntu0.4
    Version table:
   *** 1:8.9p1-3ubuntu0.4 500
          500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1:8.9p1-3ubuntu0.3 500
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
       1:8.9p1-3 500
          500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2038561/+subscriptions

More information about the foundations-bugs mailing list