Net::SSH dependency prevents using HMAC SHA2 family

Details

Type: Improvement
Status: Fix Committed
Priority: Unknown
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 10.20.0, 11.2.0-client
Component/s: Chef Client, Chef Solo, Knife
Labels:
- security

Description

Please update Net::SSH dependency to version 2.5.2

The current version of Chef depends on Net::SSH 2.2.2 which only supports
limited HMAC algorithms for transport (MD5 and SHA1 family). For certain
clients, we require newer algorithms (HMAC SHA2 family), which are
supported in Net-SSH 2.5.2. Connecting to nodes, which have transport
HMAC limited to these algorithms is currently not possible.

Reference for available HMAC algorithms in Net::SSH:
net-ssh-2.2.2/lib/net/ssh/transport/hmac.rb
net-ssh-2.5.2/lib/net/ssh/transport/hmac.rb

Issue Links

relates to

CHEF-2977 ECDSA key breaks a knife operability

CHEF-3835 "gem install chef" fails due to dependency conflicts

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Bryan McLellan [Opscode] added a comment - 30/May/12 4:00 PM

net-ssh 2.5.0 would add support for ECDSA too (~~CHEF-2977~~).

Show

Bryan McLellan [Opscode] added a comment - 30/May/12 4:00 PM net-ssh 2.5.0 would add support for ECDSA too ( CHEF-2977 ).

Hide

Permalink

Bryan McLellan [Opscode] added a comment - 06/Feb/13 6:27 PM

50953b619be99d6a27297c2c2f9ee5961bf7e1b7

+ s.add_dependency "net-ssh", "~> 2.6"

Show

Bryan McLellan [Opscode] added a comment - 06/Feb/13 6:27 PM 50953b619be99d6a27297c2c2f9ee5961bf7e1b7 + s.add_dependency "net-ssh", "~> 2.6"

Hide

Permalink

Bryan McLellan [Opscode] added a comment - 06/Feb/13 10:14 PM

10-stable: 72885e093868b97e193a36172508c5e43a953ae8

Show

Bryan McLellan [Opscode] added a comment - 06/Feb/13 10:14 PM 10-stable: 72885e093868b97e193a36172508c5e43a953ae8

People

Assignee:

Unassigned

Reporter:

Edmund Haselwanter

Vote (0)

Watch (1)

Dates

Created:

30/May/12 3:37 PM

Updated:

13/Feb/13 7:56 PM

Resolved:

06/Feb/13 6:27 PM