[Bug 967152] New: openssh package no longer recognizes ssh keys
http://bugzilla.opensuse.org/show_bug.cgi?id=967152 Bug ID: 967152 Summary: openssh package no longer recognizes ssh keys Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Bootloader Assignee: jsrain@suse.com Reporter: illumilore@gmail.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0 Build Identifier: After upgrading to openssh 7.1p2-120.1, opensuse running ssh server will no longer recognize client that have valid ssh keys to allow passwordless logins. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c2
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c3
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c4
Andreas Stieger
After upgrading to openssh 7.1p2-120.1,
This is not the openSUSE Leap 42.1 package. This is not the openSUSE Tumbleweed package. This is not the network/openssh package. So you upgraded something. It is a well known fact that OpenSSH in that version adds restrictions on ciphers and hashes. Do contrary to what you may think, your keys may not migrate as you intended without change in configuration. Not everything that happens on openSUSE is a bug in openSUSE. And certainly not a bug in the item reported against (openSUSE Leap 42.1 / Bootloader) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c5
Andreas Stieger
This is not the network/openssh package.
heh, just updated yesterday with message: "bothed update, DO NOT TOUCH UNITL PROPERLY REVIEWED" Have fun with this one. Again your migration issue is expected. T, we should add some form of upgrade instructions to cover user issues like this? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c6
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c7
Andreas Stieger
"This is not the network/openssh package."
Yes, it is.
I corrected that already. You installed an openSSH version where the behavior your describe is expected: Some host keys, client keys etc are no longer supported. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c8
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c10
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c12
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c13
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c14
Tomáš Chvátal
Still no reason for closing this.
Stop reopening this bug. As was explained previously this is expected behaviour. openSSH is dropping support for some of the keys. Also you yourself installed experimental version of openSSH and thus excluded yourself from any margins within we should actually provide documentation. It will be done at a point the openSSH is integrated to Factory. If you reopen this I will ask for your account suspension because you behave this way on multiple bugs and it is unacceptable. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c15
Neil Rickert
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c16
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c17
Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c18
Richard Brown
"Also you yourself installed experimental version of openSSH and thus excluded yourself from any margins within we should actually provide documentation."
Why are experimental versions being pushed to a 13.2 repo then?
The repo you added and installed openssh from is an experimental repo The only official binary repositories for openSUSE 13.2 are http://download.opensuse.org/distribution/13.2/repo/oss/ http://download.opensuse.org/distribution/13.2/repo/non-oss/ http://download.opensuse.org/update/13.2/ anything else is not supported, will not be supported, and used at your own risk Therefore requests for features such as warning you when a major package change occurs will not be accepted. We support updates for openSUSE 13.2 from http://download.opensuse.org/update/13.2/ and no other repository The purpose of the 'network' repo is for the development of experimental packages before they are put in our supported distributions (Leap and Tumbleweed). It is WHERE things like you report are meant to be broken, in order to enable us to improve the situation. This bug is invalid, please cease arguing otherwise -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c19
--- Comment #19 from Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c20
ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c21
--- Comment #21 from Richard Brown
"In other words most of "bugs" you report are bogus,"
Maybe my definition of "bug" is faulty then. Maybe you can help me understand what a bug is? Like snapper using up 15GB of your 30GB root partition. Is that not a bug then?
Snapper is designed to (by default) take snapshots of your btrfs root filesystem. Our standard btrfs config is configured in such a way that subvolumes prevent the snapshotting of folders like /home, and certain /var/lib/* folders where databases and such are kept in Outside of those subvolumes, everything on that root partition is going to be snapshotted If you have 15GB of change on your 30GB root partition in a short period of time, it is not a bug if snapper therefore fills up that space Your reports do not assert, nor suggest, that the the behaviour you are reporting is anything less than the expected behaviour of snapper, and therefore, yes, it is not a bug. A bug would be something like 'I changed nothing on the system, did nothing in the root filesystem, installed no packages, but still btrfs filled up my disk with snapshots' The recommended root partition size for an openSUSE btrfs root filesystem is *at least* 40GB. This has proven to be a sane default for the vast majority of the openSUSE userbase. Changes to that default have been made, when bug reporters have been able to demonstrably explain how and why the default settings needed to be changed. But your bug reports are woefully lacking in detailed information to be helpful to any such considerations. If you're an exceptionally heavy user, making lots of changes to your packages, then you either need more, or you need to adjust your snapper configuration accordingly to clean up based on your environment. That is your responsibility as the administrator of the system, but again, to be absolutely clear, that doesn't mean it's a bug. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c22
--- Comment #22 from Martin Pluskal
"very often you fail to provide requested info."
I wait until it happens again. If I can't reproduce it at the time, how do I provide the info? Many happen only so often. No, you failed to provide requested information for issues which you reported, see boo#868095 boo#880440 boo#862015 boo#849734 boo#871746 boo#877208 boo#879952 boo#873276 boo#879306 and many others, none of mentioned above required reproducing, either logs which are present on affected system would be enough or output of commands that were asked for would be sufficient.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c23
--- Comment #23 from ill lume
http://bugzilla.opensuse.org/show_bug.cgi?id=967152
http://bugzilla.opensuse.org/show_bug.cgi?id=967152#c24
--- Comment #24 from Richard Brown
"The recommended root partition size for an openSUSE btrfs root filesystem is *at least* 40GB"
I didn't know that. It is not in the documentation I read about 13.2 or in the info that displays as the machine is installing. Is there no way for the installer to warn the user that at install time if it is too small? It already tells you about missing swap partition, subvolume stuff, etc.
On Leap, Tumbleweed, and SLE 12, YaST will automatically disable shapshots if space is too low and warn you if you try to enable them again That said, the problem is not trivial - a minimal installation that rarely changes probably only requires an 8GB root partition for snapshots And YaST doesn't know what you're installing until after you've decided about the partitions, so it's really down to the user to make sure they provide sufficient space for their use case
" If you're an exceptionally heavy user, making lots of changes to your packages, then you either need more,"
I update that machine like once a month, if that.
I find your problems hard to believe then - While running Tumbleweed (which has a much larger pace of change) on a system with a 32GB root partition (too small for weekly updates of Tumbleweed IMHO) it takes over 2 months of weekly updates before I ran out of space caused by snapshots
"or you need to adjust your snapper configuration accordingly to clean up based on your environment."
Is it possible to set snapper to not keep so many snapshots if the free space on the drive falls below a certain amount? Or for zypper to check if there is enough space available before it starts an upgrade? It already knows how much will be used doesn't it?
No, and you wouldn't want either . It's important snapper captures all the changes it can in order to be a rollback service you can rely on. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com