Description
Describe the bug
Because of the renaming of a KEX algorithm, an upgrade from Fedora 33 to 34 or 35 will cause the SSH daemon to crash on start with this message.
Unsupported KEX algorithm "[email protected]"
Although this algorithm was updated in #437, it's currently quite difficult to apply this fix as it's only run when the sshd_version is equal to or above 8.5. Fedora 33 seems to have version 8.4. More details below.
This is a continuation issue from #433
Expected behavior
I think the key algorithm rename should be done before it causes problems. I'm also aware that this might not be possible, as OpenSSL didn't follow a nice deprecation path, it seems.
But I'm not sure about this, maybe we can change the key algorithm name already in 8.4, which would prevent this problem.
Actual behavior
SSH daemon crashes with the following message
Unsupported KEX algorithm "[email protected]"
OS / Environment
$ ssh -V
OpenSSH_8.4p1, OpenSSL 1.1.1l FIPS 24 Aug 2021
$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
[email protected]
[email protected]
$ cat /etc/redhat-release
Fedora release 33 (Thirty Three)
Ansible Version
ansible [core 2.11.6]
config file = None
configured module search path = ['/home/z003s32w/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
ansible collection location = /home/z003s32w/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 10.3.1 20210422 (Red Hat 10.3.1-1)]
jinja version = 3.0.1
libyaml = True
Role Version
0c840372d86db41f08496d1d61d0d4a2d2b2a640 # latest master
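The failure reported above can be caught before the daemon is restarted by comparing the configured `KexAlgorithms` list with what the installed OpenSSH reports in `ssh -Q kex`. The following is an added example, not part of the issue or the role; the function name, the sample data and the placeholder name `renamed-kex@example.invalid` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the role): report KexAlgorithms entries that the
# installed OpenSSH build does not list as supported.

# unsupported_kex CONFIG_TEXT SUPPORTED_LIST
#   CONFIG_TEXT     contents of an sshd_config file
#   SUPPORTED_LIST  output of `ssh -Q kex`, one algorithm per line
# Prints every configured algorithm missing from SUPPORTED_LIST.
# Assumes a plain comma-separated list (no +, - or ^ prefix, no Match blocks).
unsupported_kex() {
    config_text=$1
    supported=$2
    # sshd keeps the first value it sees for a keyword; keywords are
    # case-insensitive, and commented-out directives do not match.
    configured=$(printf '%s\n' "$config_text" |
        awk 'tolower($1) == "kexalgorithms" { print $2; exit }')
    printf '%s\n' "$configured" | tr ',' '\n' | while IFS= read -r alg; do
        [ -n "$alg" ] || continue
        # Exact, fixed-string, whole-line match against the supported list.
        printf '%s\n' "$supported" | grep -Fxq -- "$alg" || printf '%s\n' "$alg"
    done
}

# Constructed sample input. "renamed-kex@example.invalid" is a placeholder for
# an algorithm name that the newer OpenSSH no longer accepts.
SAMPLE_CONFIG='# constructed sshd_config fragment
Port 22
KexAlgorithms renamed-kex@example.invalid,curve25519-sha256,diffie-hellman-group-exchange-sha256'

SAMPLE_SUPPORTED='diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
curve25519-sha256'

# With real data:
#   unsupported_kex "$(cat /etc/ssh/sshd_config)" "$(ssh -Q kex)"
bad=$(unsupported_kex "$SAMPLE_CONFIG" "$SAMPLE_SUPPORTED")
if [ -n "$bad" ]; then
    printf 'unsupported KexAlgorithms entries:\n%s\n' "$bad"
fi
```

Running `sshd -t` after an upgrade and before restarting the service performs the daemon's own validity check of the configuration file.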