while sleep 3; do date; ansible -bm setup -a filter=xx group_name | grep FAIL; done
For the group of servers with OpenSSH 8.1 we never got a failure during the time the test was running (6 hours). For the 2nd group we experienced the issue within the first 10 minutes - the command got stuck and the loop did not progress any further.
This leads me to a conclusion that it's the new OpenSSH version that's causing the issue.
Original Message:
Sent: Thu March 20, 2025 05:16 AM
From: Stephan Dietl
Subject: ssh 9.7
Hello @Jozef Riha !
We had the problem on every execution, yes!
With kind regards,
Stephan Dietl
------------------------------
Stephan Dietl
Original Message:
Sent: Wed March 19, 2025 09:52 AM
From: Jozef Riha
Subject: ssh 9.7
Hello Stephan,
we are also experiencing the problem with ansible - but it only manifests itself intermittently. Was it the same for you or you saw the error on each ansible execution?
Thanks, j
------------------------------
Jozef Riha
Original Message:
Sent: Mon September 16, 2024 10:56 AM
From: Stephan Dietl
Subject: ssh 9.7
Hello!
Information for all upgrading to the newly published OpenSSH 9.7.3013.1000
I got, when using Ansible with SSH keys, the following error in the authlog of the target:
"ssh_dispatch_run_fatal: Connection from user ansible_user ... port 31210: invalid format"
And on the Ansible controller a:
"Lost connection"
Login with the Ansible user using ssh on terminal worked fine, only Ansible threw an error.
Solution:
The necessary hint I got from https://github.com/ansible/awx/issues/9082 , the solution being to add a newline at the end of the private key of the Ansible automation user.
Hope this helps somebody,
With kind regards,
Stephan Dietl
------------------------------
Stephan Dietl
Original Message:
Sent: Fri April 19, 2024 02:02 AM
From: Sandeep Umesh
Subject: ssh 9.7
Hello
Current supported versions of openssh on AIX-Power are 8.1p1 and 9.2p1. AIX team ensures that the fix for any vulnerability reported on higher versions is backported onto these supported versions.
OpenSSH 9.2p1 is planned to part of AIX base image from Fall 2024 releases onwards.
Later, we plan to start an update to openSSH 9.7 or the corresponding latest version in late Q4 2024.
Thanks
Sandeep Umesh
AIX Opensource Security
------------------------------
Sandeep Umesh
Original Message:
Sent: Thu April 18, 2024 04:46 PM
From: Niël Lambrechts
Subject: ssh 9.7
Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.
------------------------------
Niël Lambrechts
Original Message:
Sent: Wed April 17, 2024 12:43 PM
From: Russell Adams
Subject: ssh 9.7
On Wed, Apr 17, 2024 at 04:15:34PM +0000, Mohamed Gaber via IBM TechXchange Community wrote:
> recently we received vulnerability regarding to ssh and update tp 9.7 is required.
>
> i can find only version 9.2
I'd be curious too!
OpenSSH is supposed to be covered by AIX support, not the open source
toolkit. This may be the wrong community. You may have to file a
support ticket.
I've posted separately about IBM distributing unsigned SSH
packages outside the normal distribution channels for the core OS via
a marketing website. That causes me great concern.
I'm evaluating our upgrade to 7200-05-07 now, and while OpenSSL has
been updated to v3, OpenSSH is still on 8 when the marketing site has
9.2 and there are newer versions upstream like 9.7.
Please let us know where you find an authentic IBM supported update.
------------------------------------------------------------------
Russell Adams Russell.Adams@AdamsSystems.nl
Principal Consultant Adams Systems Consultancy
https://adamssystems.nl/
Original Message:
Sent: 4/17/2024 12:16:00 PM
From: Mohamed Gaber
Subject: ssh 9.7
recently we received vulnerability regarding to ssh and update tp 9.7 is required.
i can find only version 9.2
any help
------------------------------
Mohamed Gaber
------------------------------