2020-02-19 18:08:26 |
Kyle Birkeland |
bug |
|
|
added bug |
2020-02-19 18:08:26 |
Kyle Birkeland |
attachment added |
|
protocol_major_version_mismatch_regression.patch https://bugs.launchpad.net/bugs/1863930/+attachment/5329542/+files/protocol_major_version_mismatch_regression.patch |
|
2020-02-19 20:22:45 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2020-02-19 20:22:52 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2020-02-27 15:55:35 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Server |
2020-02-27 15:55:39 |
Christian Ehrhardt |
tags |
patch |
patch server-next |
|
2020-02-27 15:55:48 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Bionic |
|
2020-02-27 15:55:48 |
Christian Ehrhardt |
bug task added |
|
openssh (Ubuntu Bionic) |
|
2020-02-27 15:55:55 |
Christian Ehrhardt |
openssh (Ubuntu): status |
New |
Fix Released |
|
2020-02-27 15:56:04 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): assignee |
|
Colin Watson (cjwatson) |
|
2020-02-27 15:56:35 |
Christian Ehrhardt |
bug |
|
|
added subscriber Christian Ehrhardt |
2020-02-27 16:12:23 |
Colin Watson |
openssh (Ubuntu Bionic): assignee |
Colin Watson (cjwatson) |
|
|
2020-03-02 22:15:20 |
Kyle Birkeland |
attachment added |
|
test_bug_1863930.py https://bugs.launchpad.net/ubuntu/bionic/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py |
|
2020-03-03 06:31:36 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): status |
New |
Triaged |
|
2020-03-03 06:31:38 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): importance |
Undecided |
Low |
|
2020-03-03 06:34:28 |
Christian Ehrhardt |
description |
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
[Impact]
* The version check in ssh was broken, no longer following RFC 4253 and
thereby denying some clients that it shouldn't
* Upstream fixed that and this is backporting the changes to bionic.
[Test Case]
# Prep
* configure the ssh server to generally work
# Testcase
$ wget https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py
$ apt install python3-paramiko
$ python3 test_bug_1863930.py localhost (or whatever your host is)
Will report "Server is not patched." or "Server is patched."
[Regression Potential]
TODO
[Other Info]
* n/a
--
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
|
2020-03-03 06:40:14 |
Christian Ehrhardt |
description |
[Impact]
* The version check in ssh was broken, no longer following RFC 4253 and
thereby denying some clients that it shouldn't
* Upstream fixed that and this is backporting the changes to bionic.
[Test Case]
# Prep
* configure the ssh server to generally work
# Testcase
$ wget https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py
$ apt install python3-paramiko
$ python3 test_bug_1863930.py localhost (or whatever your host is)
Will report "Server is not patched." or "Server is patched."
[Regression Potential]
TODO
[Other Info]
* n/a
--
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
[Impact]
* The version check in ssh was broken, no longer following RFC 4253 and
thereby denying some clients that it shouldn't
* Upstream fixed that and this is backporting the changes to bionic.
[Test Case]
# Prep
* configure the ssh server to generally work
# Testcase
$ wget https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py
$ apt install python3-paramiko
$ python3 test_bug_1863930.py localhost (or whatever your host is)
Will report "Server is not patched." or "Server is patched."
* for an extra regression check it might be worth doing some "normal" ssh
connections as well
[Regression Potential]
* The change is very small and reviewable as well as being upstream and
in all Ubuntu releases >=Cosmic for a while now so it seems safe.
If anything the kind of regression to expect is that some former
(wrong) connection denials will then succeed. I can only think of
that being an issue in test suites but not in the real world.
[Other Info]
* n/a
--
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
|
2020-03-03 06:40:24 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): assignee |
|
Christian Ehrhardt (paelzer) |
|
2020-03-03 06:48:47 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/openssh/+git/openssh/+merge/380138 |
|
2020-03-04 06:44:41 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): status |
Triaged |
Incomplete |
|
2020-06-09 16:53:44 |
Robie Basak |
tags |
patch server-next |
patch |
|
2022-01-21 17:26:29 |
Pedro Principeza |
bug |
|
|
added subscriber Pedro Principeza |
2022-01-24 20:50:29 |
Mark Cunningham |
description |
[Impact]
* The version check in ssh was broken, no longer following RFC 4253 and
thereby denying some clients that it shouldn't
* Upstream fixed that and this is backporting the changes to bionic.
[Test Case]
# Prep
* configure the ssh server to generally work
# Testcase
$ wget https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py
$ apt install python3-paramiko
$ python3 test_bug_1863930.py localhost (or whatever your host is)
Will report "Server is not patched." or "Server is patched."
* for an extra regression check it might be worth doing some "normal" ssh
connections as well
[Regression Potential]
* The change is very small and reviewable as well as being upstream and
in all Ubuntu releases >=Cosmic for a while now so it seems safe.
If anything the kind of regression to expect is that some former
(wrong) connection denials will then succeed. I can only think of
that being an issue in test suites but not in the real world.
[Other Info]
* n/a
--
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
[Impact]
* The version check in ssh was broken, no longer following RFC 4253 and
thereby denying some clients that it shouldn't.
https://datatracker.ietf.org/doc/html/rfc4253#section-5.1
* It is intended for clients reporting SSH-1.99 to be treated as if
they were advertising SSH-2.0, but with some backwards compatibility.
* Upstream fixed that, and this request is to back-port the changes into
18.04 Bionic.
* In practice this is affecting clients using the SolarWinds monitoring agent. SolarWinds SSH client advertises SSH-1.99 and Ubuntu 18.04 openssh-server is refusing the connection.
* This results in the following error in the auth.log, and a failed connection from the agent.
Protocol major versions differ for <IP> port <port>:
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-WeOnlyDo.Net
* More information from SolarWinds at the link below. They call out 18.04 as affected and recommend upgrading OpenSSH-server to 7.7 or greater.
https://support.solarwinds.com/SuccessCenter/s/article/SAM-s-Linux-Unix-Script-monitor-fails-to-connect-on-a-server-running-OpenSSH-7-6?language=en_US
[Test Case]
# Prep
* configure the ssh server to generally work
# Testcase
$ wget https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1863930/+attachment/5332797/+files/test_bug_1863930.py
$ apt install python3-paramiko
$ python3 test_bug_1863930.py localhost (or whatever your host is)
Will report "Server is not patched." or "Server is patched."
* for an extra regression check it might be worth doing some "normal" ssh
connections as well
[Regression Potential]
* The change is very small and reviewable as well as being upstream and
in all Ubuntu releases >=Cosmic for a while now so it seems safe.
If anything the kind of regression to expect is that some former
(wrong) connection denials will then succeed. I can only think of
that being an issue in test suites but not in the real world.
[Other Info]
* n/a
--
SSHD closes the connection and logs the error message below when a client presents a protoversion of "1.99":
Protocol major versions differ for X.X.X.X port X: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-XXX
RFC 4253 only states that clients should treat a server's protoversion of "1.99" as equivalent to "2.0"; however, some backward-compatible clients send a protoversion of "1.99" and expect the server to treat it as "2.0".
This regression was introduced in openssh-portable 7.6p1 from commit 97f4d3083; fixes were implemented in commits 9e9c4a7e5 and c9c1bba06. I've attached a patch with both of those fixes. |
|
2022-01-25 15:22:43 |
Christian Ehrhardt |
openssh (Ubuntu Bionic): assignee |
Christian Ehrhardt (paelzer) |
|
|
2022-01-27 05:48:02 |
Nivedita Singhvi |
bug |
|
|
added subscriber Nivedita Singhvi |
2022-01-27 17:48:54 |
Athos Ribeiro |
tags |
patch |
patch server-todo |
|
2022-01-27 17:49:10 |
Athos Ribeiro |
bug |
|
|
added subscriber Athos Ribeiro |
2022-01-27 18:12:50 |
Heitor Alves de Siqueira |
openssh (Ubuntu Bionic): assignee |
|
Heitor Alves de Siqueira (halves) |
|
2022-01-27 18:13:01 |
Heitor Alves de Siqueira |
openssh (Ubuntu Bionic): importance |
Low |
High |
|
2022-01-27 18:13:10 |
Heitor Alves de Siqueira |
openssh (Ubuntu Bionic): importance |
High |
Medium |
|
2022-01-27 20:56:11 |
Athos Ribeiro |
tags |
patch server-todo |
patch |
|
2022-02-02 18:47:40 |
Heitor Alves de Siqueira |
openssh (Ubuntu Bionic): status |
Incomplete |
In Progress |
|
2022-02-02 18:49:29 |
Heitor Alves de Siqueira |
tags |
patch |
patch sts sts-sponsor-halves |
|
2022-02-02 19:01:26 |
Heitor Alves de Siqueira |
bug |
|
|
added subscriber Heitor Alves de Siqueira |
2022-02-03 12:57:12 |
Łukasz Zemczak |
openssh (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2022-02-03 12:57:14 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-02-03 12:57:15 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2022-02-03 12:57:18 |
Łukasz Zemczak |
tags |
patch sts sts-sponsor-halves |
patch sts sts-sponsor-halves verification-needed verification-needed-bionic |
|
2022-02-03 13:04:48 |
Łukasz Zemczak |
tags |
patch sts sts-sponsor-halves verification-needed verification-needed-bionic |
block-proposed-bionic patch sts sts-sponsor-halves verification-needed verification-needed-bionic |
|
2022-02-15 13:49:08 |
Heitor Alves de Siqueira |
tags |
block-proposed-bionic patch sts sts-sponsor-halves verification-needed verification-needed-bionic |
patch sts sts-sponsor-halves verification-done verification-done-bionic |
|
2022-02-15 20:17:45 |
Launchpad Janitor |
openssh (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2022-02-15 20:17:50 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
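A triage helper for the auth.log message quoted in the description, added here as an example (it is not part of the bug report, the attached test script, or OpenSSH): it parses each "Protocol major versions differ" line and separates SSH-1.99 clients, which the description says should be treated as 2.0, from clients whose major version really differs. The log lines, addresses and the `LegacyClient` banner are constructed sample data, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion[ SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-([^\s-]+)(?: (.*))?$")
# sshd message as quoted in the description: "<server banner> vs. <client banner>"
LOG_RE = re.compile(
    r"Protocol major versions differ for (\S+) port (\d+): (SSH-.+?) vs\. (SSH-.+)$"
)

# Constructed sample auth.log lines (documentation addresses, made-up host and PIDs).
SAMPLE_AUTH_LOG = [
    "Jan 24 20:41:07 host sshd[1201]: Protocol major versions differ for 192.0.2.10 "
    "port 50122: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.99-WeOnlyDo.Net",
    "Jan 24 20:42:19 host sshd[1207]: Protocol major versions differ for 192.0.2.44 "
    "port 40110: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 vs. SSH-1.5-LegacyClient",
    "Jan 24 20:43:02 host sshd[1210]: Accepted publickey for admin from 192.0.2.7 "
    "port 51514 ssh2",
]

def parse_banner(banner):
    """Return (major, minor, softwareversion) or raise ValueError."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        raise ValueError(f"not an SSH identification string: {banner!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

def effective_major(major, minor):
    """Treat protoversion 1.99 as 2.0, the behaviour the description asks for."""
    return 2 if (major, minor) == (1, 99) else major

def triage(lines):
    """Return (client_ip, client_banner, verdict) for each rejection line."""
    results = []
    for line in lines:
        m = LOG_RE.search(line.rstrip())
        if m is None:
            continue  # unrelated log line
        ip, _port, server, client = m.groups()
        try:
            s_major, s_minor, _ = parse_banner(server)
            c_major, c_minor, _ = parse_banner(client)
        except ValueError:
            # The client banner is remote-controlled input; never assume it parses.
            results.append((ip, client, "unparseable"))
            continue
        same = effective_major(s_major, s_minor) == effective_major(c_major, c_minor)
        results.append((ip, client, "regression" if same else "genuine-mismatch"))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_AUTH_LOG):
        print(*row)
```

Rows marked `regression` are rejections that would not occur if 1.99 were compared as 2.0; `genuine-mismatch` rows would be refused either way.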