https://packages.ubuntu.com/jammy/openssh-server clearly states the following under dependency section:

    libssl3 (>= 3.0.1) [not amd64, i386]
        Secure Sockets Layer toolkit - shared libraries
    libssl3 (>= 3.0.2) [amd64, i386]

I am trying to use libssl3 version 3.1, which is in fact greater than 3.0.2. This in my opinion should be supported, or the documentation updated to state '>=3.0.2' and '<3.1' explicitly.

I also acknowledge that this is not a bug in Ubuntu itself. However, this is a bug in OpenSSH. Their code isn't treating 3.1 as being greater than 3.0, which is wrong. And this is a critical bug because the impact of this is that we lose SSH access to our machines when we run into this.

To your comment "Unless you have specific needs, I suggest sticking with the Ubuntu packaged version of OpenSSL." - I am trying to evaluate and benchmark OpenSSL 3.1 so that we can consider moving to it soon, since we intend to use the functionality that comes with it. At the moment, the OpenSSH bug is blocking that work. So I would think that my needs are "specific" and I unfortunately can't "stick with the Ubuntu packaged version of OpenSSL".

It's fine if you think it's not a problem that needs fixing at this time within Ubuntu. I reckon that leaves me with two options:

1) Build OpenSSH myself with the fix in question on Ubuntu
2) Move away from Ubuntu and start using Debian Trixie (because it already comes with the newer version of OpenSSH) for our OpenSSL 3.1 evaluation/benchmarking work

--
https://bugs.launchpad.net/bugs/2038561

Title:
  Requesting Ubuntu package manager to release openssh updates to focal and jammy

Status in openssh package in Ubuntu:
  Incomplete

Bug description:

We are unable to test OpenSSL 3.1 versions on Ubuntu 22.04 and 20.04 machines because the machine gets bricked and loses SSH after installation of OpenSSL 3.1.2. This is because SSHD gets restarted when OpenSSL 3.1 gets installed. But it fails to come up and we lose SSH access to the box. Debug logging on SSHD shows the below error when it tries to start:

    OpenSSL version mismatch. Built against 30000020, you have 30100020

After researching in online forums, it appears that this is an OpenSSH bug and it's been fixed in version 9.4p1 and 9.5p1 via this fix:
https://github.com/openssh/openssh-portable/commit/b7afd8a4ecaca8afd3179b55e9db79c0ff210237

However, it appears that only the 8.9p1 version of openssh-client and openssh-server is available in Ubuntu packages. Requesting you to please release openssh versions 9.4p1 or 9.5p1 on Jammy and Focal, which will help us move past this bug and start testing OpenSSL 3.1 for our use cases.

Additional information about our environment:

$ lsb_release -rd
Description:    Ubuntu 22.04.3 LTS
Release:        22.04

$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.9p1-3ubuntu0.4
  Candidate: 1:8.9p1-3ubuntu0.4
  Version table:
 *** 1:8.9p1-3ubuntu0.4 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:8.9p1-3ubuntu0.3 500
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     1:8.9p1-3 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
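
Added example, not part of the original message and not OpenSSH's source: it parses the mismatch line quoted in the bug description, decodes both numbers using OpenSSL 3.x's 0xMNN00PP0 version layout, and compares a check that requires the minor version to match with one that requires only the major version. The function names, the masks and the "runtime not older than build" rule are assumptions made for illustration.

```c
#include <stdio.h>

/* The mismatch line quoted in the bug description above. */
static const char SAMPLE_LINE[] =
    "OpenSSL version mismatch. Built against 30000020, you have 30100020";

/* OpenSSL 3.x packs its version number as 0xMNN00PP0 (major, minor, patch). */
struct ossl_ver { unsigned major, minor, patch; };

static struct ossl_ver decode_ossl3(unsigned long v)
{
    struct ossl_ver d;
    d.major = (unsigned)((v >> 28) & 0xf);
    d.minor = (unsigned)((v >> 20) & 0xff);
    d.patch = (unsigned)((v >> 4) & 0xff);
    return d;
}

/* Extract both hex values from the mismatch line; returns 1 on success. */
static int parse_mismatch(const char *line, unsigned long *built, unsigned long *runtime)
{
    return sscanf(line, "OpenSSL version mismatch. Built against %lx, you have %lx",
                  built, runtime) == 2;
}

/* Hypothetical strict policy: major, minor and status nibble must all match. */
static int compatible_strict(unsigned long built, unsigned long runtime)
{
    return (built & 0xfff0000fUL) == (runtime & 0xfff0000fUL);
}

/* Hypothetical relaxed policy: same major and status, runtime not older than build. */
static int compatible_major_only(unsigned long built, unsigned long runtime)
{
    return (built & 0xf000000fUL) == (runtime & 0xf000000fUL) && runtime >= built;
}

int main(void)
{
    unsigned long b, r;
    if (!parse_mismatch(SAMPLE_LINE, &b, &r))
        return 1;
    struct ossl_ver hb = decode_ossl3(b), hr = decode_ossl3(r);
    printf("built %u.%u.%u, runtime %u.%u.%u\n",
           hb.major, hb.minor, hb.patch, hr.major, hr.minor, hr.patch);
    printf("strict: %d, major-only: %d\n",
           compatible_strict(b, r), compatible_major_only(b, r));
    return 0;
}
```

The two values decode to 3.0.2 (build) and 3.1.2 (runtime), so a check that compares the minor field rejects the pair while a major-only check accepts it.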