FS#76448 - [openssl] 3.0.7-2 breaks ssh authentication agent

Attached to Project: Arch Linux
Opened by Busindre (Busindre) - Sunday, 06 November 2022, 11:57 GMT
Last edited by Toolybird (Toolybird) - Sunday, 06 November 2022, 22:30 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description: openssl 3.0.7-2 breaks ssh authentication agent.

After a full system upgrade ssh has problems using encrypted private keys. This also affects other software such as Vagrant (which has been fixed in an update today).


#### Pacman logs

[2022-11-06T02:28:02+0100] [ALPM] upgraded openssl (1.1.1.q-1 -> 3.0.7-2)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libsasl (2.1.28-1 -> 2.1.28-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libldap (2.6.3-1 -> 2.6.3-2)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libevent (2.1.12-2 -> 2.1.12-4)
[2022-11-06T02:28:02+0100] [ALPM] upgraded krb5 (1.20-1 -> 1.20-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libxcrypt (4.4.28-2 -> 4.4.30-1)
[2022-11-06T02:28:02+0100] [ALPM] upgraded python (3.10.8-2 -> 3.10.8-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded bind (9.18.8-1 -> 9.18.8-2)
[2022-11-06T02:28:02+0100] [ALPM] upgraded systemd-libs (251.7-1 -> 251.7-4)
[2022-11-06T02:28:02+0100] [ALPM] upgraded cryptsetup (2.5.0-1 -> 2.5.0-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded kmod (30-1 -> 30-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libssh2 (1.10.0-1 -> 1.10.0-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded coreutils (9.1-1 -> 9.1-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded curl (7.86.0-1 -> 7.86.0-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded systemd (251.7-1 -> 251.7-4)
[2022-11-06T02:28:02+0100] [ALPM] upgraded libpulse (16.1-1 -> 16.1-3)
[2022-11-06T02:28:02+0100] [ALPM] upgraded conky (1.12.2-2 -> 1.15.0-1)
[2022-11-06T02:28:03+0100] [ALPM] upgraded fakeroot (1.29-1 -> 1.30.1-1)
[2022-11-06T02:28:03+0100] [ALPM] upgraded libssh (0.10.4-1 -> 0.10.4-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded srt (1.5.1-1 -> 1.5.1-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded lcms2 (2.13.1-1 -> 2.14-1)
[2022-11-06T02:28:03+0100] [ALPM] upgraded firefox (106.0.4-1 -> 106.0.5-1)
[2022-11-06T02:28:03+0100] [ALPM] upgraded gstreamer (1.20.4-1 -> 1.20.4-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded gst-plugins-base-libs (1.20.4-1 -> 1.20.4-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded freerdp (2:2.8.1-2 -> 2:2.8.1-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded git (2.38.1-1 -> 2.38.1-2)
[2022-11-06T02:28:03+0100] [ALPM] upgraded gst-plugins-base (1.20.4-1 -> 1.20.4-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded libshout (1:2.4.6-1 -> 1:2.4.6-2)
[2022-11-06T02:28:03+0100] [ALPM] upgraded gst-plugins-good (1.20.4-1 -> 1.20.4-3)
[2022-11-06T02:28:03+0100] [ALPM] upgraded john (1.9.0.jumbo1-7 -> 1.9.0.jumbo1-8)
[2022-11-06T02:28:03+0100] [ALPM] upgraded ldns (1.8.3-1 -> 1.8.3-2)
[2022-11-06T02:28:03+0100] [ALPM] upgraded libarchive (3.6.1-2 -> 3.6.1-5)
[2022-11-06T02:28:04+0100] [ALPM] upgraded poppler-data (0.4.11-1 -> 0.4.11-2)
[2022-11-06T02:28:04+0100] [ALPM] upgraded libspectre (0.2.10-2 -> 0.2.11-1)
[2022-11-06T02:28:04+0100] [ALPM] upgraded libtorrent-rasterbar (1:2.0.8-1 -> 1:2.0.8-2)
[2022-11-06T02:28:04+0100] [ALPM] upgraded libtpms (0.9.5-1 -> 0.9.5-2)
[2022-11-06T02:28:04+0100] [ALPM] upgraded linux (6.0.6.arch1-1 -> 6.0.7.arch1-1)
[2022-11-06T02:28:06+0100] [ALPM] upgraded linux-headers (6.0.6.arch1-1 -> 6.0.7.arch1-1)
[2022-11-06T02:28:06+0100] [ALPM] upgraded moreutils (0.67-2 -> 0.67-3)
[2022-11-06T02:28:06+0100] [ALPM] upgraded tpm2-tss (3.2.0-1 -> 3.2.0-3)
[2022-11-06T02:28:06+0100] [ALPM] upgraded mutt (2.2.7-1 -> 2.2.7-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded nmap (7.92-1 -> 7.92-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded ntp (4.2.8.p15-1 -> 4.2.8.p15-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded ppp (2.4.9-2 -> 2.4.9-3)
[2022-11-06T02:28:06+0100] [ALPM] upgraded openfortivpn (1.19.0-1 -> 1.19.0-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded openssh (9.1p1-1 -> 9.1p1-3)
[2022-11-06T02:28:06+0100] [ALPM] upgraded pacman (6.0.1-8 -> 6.0.2-5)
[2022-11-06T02:28:06+0100] [ALPM] upgraded perl-html-parser (3.79-1 -> 3.80-1)
[2022-11-06T02:28:06+0100] [ALPM] upgraded perl-net-ssleay (1.92-1 -> 1.92-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded python-cryptography (38.0.2-1 -> 38.0.2-2)
[2022-11-06T02:28:06+0100] [ALPM] upgraded python-setuptools (1:64.0.0-1 -> 1:64.0.1-1)
[2022-11-06T02:28:06+0100] [ALPM] upgraded python-distro (1.7.0-1 -> 1.8.0-1)
[2022-11-06T02:28:06+0100] [ALPM] upgraded qpdf (11.1.1-1 -> 11.1.1-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded qt5-base (5.15.7+kde+r167-1 -> 5.15.7+kde+r168-1)
[2022-11-06T02:28:07+0100] [ALPM] upgraded rsync (3.2.7-1 -> 3.2.7-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded ruby-stdlib (3.0.4-18 -> 3.0.4-20)
[2022-11-06T02:28:07+0100] [ALPM] upgraded ruby-bundledgems (3.0.4-18 -> 3.0.4-20)
[2022-11-06T02:28:07+0100] [ALPM] upgraded ruby (3.0.4-18 -> 3.0.4-20)
[2022-11-06T02:28:07+0100] [ALPM] upgraded ruby2.7 (2.7.6-1 -> 2.7.6-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded s-nail (14.9.24-1 -> 14.9.24-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded socat (1.7.4.3-1 -> 1.7.4.3-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded sudo (1.9.12-1 -> 1.9.12-5)
[2022-11-06T02:28:07+0100] [ALPM] upgraded systemd-sysvcompat (251.7-1 -> 251.7-4)
[2022-11-06T02:28:07+0100] [ALPM] upgraded tor (0.4.7.10-1 -> 0.4.7.10-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded virtualbox-host-dkms (7.0.2-1 -> 7.0.2-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded virtualbox (7.0.2-1 -> 7.0.2-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded w3m (0.5.3.git20220409_1-1 -> 0.5.3.git20220409_1-2)
[2022-11-06T02:28:07+0100] [ALPM] upgraded xmlsec (1.2.36-1 -> 1.2.36-2)
[2022-11-06T12:19:23+0100] [PACMAN] starting full system upgrade
[2022-11-06T12:19:35+0100] [ALPM] upgraded sudo (1.9.12-5 -> 1.9.12.p1-1)
[2022-11-06T12:19:36+0100] [ALPM] upgraded vagrant (2.3.2-1 -> 2.3.2-2)
[2022-11-06T12:36:06+0100] [PACMAN] starting full system upgrade


Steps to reproduce:

#### ssh connections.

ssh commands.
Enter passphrase for key '/home/XXX/.ssh/id_rsa':
debug2: bad passphrase given, try again...


#### Remove private key passphrase.

openssl rsa -in .ssh/id_rsa -out test_dec
Enter pass phrase for .ssh/id_rsa:
Could not read private key from .ssh/id_rsa
40A75FEEE37F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (DES-CBC : 11), Properties ()
40A75FEEE37F0000:error:04800065:PEM routines:PEM_do_header:bad decrypt:crypto/pem/pem_lib.c:467:


#### Currently solved but related to the problem.

Vagrant ssh warning: https://github.com/hashicorp/vagrant/issues/12985

Closed by Toolybird (Toolybird)
Sunday, 06 November 2022, 22:30 GMT
Reason for closing: Not a bug
Additional comments about closing: See comments
Comment by loqs (loqs) - Sunday, 06 November 2022, 12:05 GMT
Have you enabled the legacy provider [1]? Which is needed for DES.

[1] https://bbs.archlinux.org/viewtopic.php?pid=2065783#p2065783
Comment by Busindre (Busindre) - Sunday, 06 November 2022, 14:05 GMT
It works, after legacy activation in /etc/ssl/openssl.cnf everything seems to work again. Thx!!

####

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[legacy_sect]
activate = 1

[default_sect]
activate = 1
Comment by Toolybird (Toolybird) - Sunday, 06 November 2022, 22:29 GMT
Thank you @loqs! This would seem like good info for the wiki. Hopefully someone will take the initiative...
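
Added example, not part of the original report or of any project named in it: the error in the report names DES-CBC and PEM_do_header, which is the traditional PEM path where a DEK-Info header selects the cipher. The Python below reads that header to show which private key files depend on the OpenSSL 3 legacy provider. The function names and sample keys are constructed for illustration, and the prefix list is the set of ciphers OpenSSL 3 documents as legacy-only.

```python
import re

# Cipher-name prefixes that OpenSSL 3.x provides only through the legacy
# provider (single DES as in the error above, DESX, RC2/4/5, Blowfish, CAST,
# IDEA, SEED). 3DES (DES-EDE3-CBC) and AES come from the default provider.
LEGACY_PREFIXES = ("DES-CBC", "DES-ECB", "DES-CFB", "DES-OFB", "DESX",
                   "RC2", "RC4", "RC5", "BF", "CAST", "IDEA", "SEED")
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
PROC_RE = re.compile(r"^Proc-Type:\s*4\s*,\s*ENCRYPTED\s*$", re.M)
DEK_RE = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+)\s*,\s*[0-9A-Fa-f]+\s*$", re.M)


def classify_key(pem_text):
    """Return (container, cipher, needs_legacy) for one PEM private key.

    needs_legacy is None when the cipher sits inside the encoded body
    (encrypted PKCS#8) and therefore cannot be read from the PEM header.
    """
    begin = BEGIN_RE.search(pem_text)
    if not begin or not begin.group(1).endswith("PRIVATE KEY"):
        raise ValueError("no PEM private key found")
    label = begin.group(1)
    if label == "OPENSSH PRIVATE KEY":    # OpenSSH's own container, no DEK-Info
        return ("openssh", None, False)
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8: cipher is in the ASN.1 body
        return ("pkcs8", None, None)
    container = "pkcs8" if label == "PRIVATE KEY" else "traditional"
    if not PROC_RE.search(pem_text):      # stored without a passphrase
        return (container, None, False)
    dek = DEK_RE.search(pem_text)
    if not dek:
        raise ValueError("Proc-Type says ENCRYPTED but DEK-Info is missing")
    cipher = dek.group(1).upper()
    return (container, cipher, cipher.startswith(LEGACY_PREFIXES))


def _pem(label, headers=""):
    # Constructed sample: the body is a placeholder, not real key material.
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"


ENC = "Proc-Type: 4,ENCRYPTED\nDEK-Info: {},0123456789ABCDEF\n\n"
SAMPLES = {  # hypothetical file names
    "id_rsa_old": _pem("RSA PRIVATE KEY", ENC.format("DES-CBC")),
    "id_rsa_3des": _pem("RSA PRIVATE KEY", ENC.format("DES-EDE3-CBC")),
    "id_ed25519": _pem("OPENSSH PRIVATE KEY"),
    "key_p8": _pem("ENCRYPTED PRIVATE KEY"),
}


def keys_needing_legacy(samples):
    """Names of the keys whose PEM header selects a legacy-only cipher."""
    return sorted(n for n, t in samples.items() if classify_key(t)[2])
```

A key flagged this way can be re-encrypted once with a current cipher, for example `openssl rsa -provider legacy -provider default -in KEY -aes256 -out NEWKEY`, so that the legacy provider does not have to stay activated system-wide in /etc/ssl/openssl.cnf.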
