[Pkg-ganeti-devel] Bug#853129: ganeti: Ganeti depends on SSH-DSS public keys to work

Martin Weinelt hexa at darmstadt.ccc.de
Mon Jan 30 00:34:38 UTC 2017 

Package: ganeti
Version: 2.15.2-7
Severity: important
Tags: upstream

Dear Maintainer,

ganeti heavily depends on SSH-DSS keypairs for operations between
cluster nodes, with OpenSSH 7.0 said keys have been deprecated.

Please add a remark that SSH-DSS needs to be reallowed if ganeti is
supposed to work.

In /etc/ssh/ssh_config
Add PubkeyAcceptedKeyTypes +ssh-dss

In /etc/ssh/sshd_config
Add PubkeyAcceptedKeyTypes +ssh-dss


-- Package-specific info:
Version symlinks:
  /etc/ganeti/share -> /usr/share/ganeti/2.15
  /etc/ganeti/lib -> /usr/lib/ganeti/2.15
Cluster config version: 2.15.2
Address family: IPv4
Enabled hypervisors: kvm
kvm hypervisor parameters:
  acpi=True
  boot_order=disk
  cpu_cores=0
  cpu_mask=all
  cpu_sockets=0
  cpu_threads=0
  disk_aio=threads
  disk_cache=default
  disk_type=paravirtual
  kernel_args=ro
  kvm_path=/usr/bin/kvm
  migration_bandwidth=32
  migration_downtime=30
  migration_mode=live
  migration_port=8102
  nic_type=paravirtual
  reboot_behavior=reboot
  root_path=/dev/vda1
  security_model=none
  serial_console=True
  serial_speed=38400
  spice_ip_version=0
  spice_playback_compression=True
  spice_tls_ciphers=HIGH:-DES:-3DES:-EXPORT:-DH
  spice_use_tls=False
  spice_use_vdagent=True
  use_chroot=False
  use_localtime=False
  user_shutdown=False
  vhost_net=False
  virtio_net_queues=1
  vnc_tls=False
  vnc_x509_verify=False
  vnet_hdr=True

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ganeti depends on:
ii  adduser              3.115
ii  ganeti-2.15          2.15.2-7
ii  ganeti-haskell-2.15  2.15.2-7
ii  ganeti-htools-2.15   2.15.2-7
ii  python               2.7.13-1

Versions of packages ganeti recommends:
ii  drbd-utils                   8.9.10-1
ii  ganeti-instance-debootstrap  0.16-1
ii  ndisc6                       1.0.3-2
ii  qemu-kvm                     1:2.8+dfsg-2

Versions of packages ganeti suggests:
pn  blktap-dkms  <none>
pn  ganeti-doc   <none>
pn  molly-guard  <none>

-- no debconf information

More information about the Pkg-ganeti-devel mailing list