[ZBX-4850] SSH items *with* passphrase for private key do not work under Debian, Ubuntu Created: 2012 Apr 09 Updated: 2024 Apr 11 Resolved: 2012 Apr 10 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Documentation (D) |
Affects Version/s: | None |
Fix Version/s: | 2.0.0 |
Type: | Incident report | Priority: | Minor |
Reporter: | Oleksii Zagorskyi | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | ssh | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Debian, libssh2 installed from packages. |
Attachments: | ltrace_11717_ssh2-141ssl+passphrase.out ltrace_12105_ssh2-141gcrypt+passphrase.out | ||||
Issue Links: |
|
Description |
This issue is an attempt to report an observed behavior of libssh2 under Debian. The libssh2 can use two different crypto libraries to perform encryption/decryption: OpenSSL or Libgcrypt Configure options for libssh2: --with-libgcrypt Use Libgcrypt for crypto --with-openssl Use OpenSSL for crypto By default OpenSSL is udsed if --with-libgcrypt is not specified. Debian's package is using Libgcrypt: Why it happened? In its package in a file "rules" a line exists: The package's Changelog excerpt:
The library libssh2 for several other checked distros (centos, gentoo) and freebsd is using default OpenSSL In the same time openssh-client is using only OpenSSL: Quoting Simon: Sources: From a #libssh2 on a Freenode I learned that Simon is the author of the libgcrypt backend for libssh How to distinguish easily: # ldd /usr/lib/libssh2.so linux-vdso.so.1 => (0x00007fff67dc3000) libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00007f2e54679000) libz.so.1 => /usr/lib/libz.so.1 (0x00007f2e54462000) libc.so.6 => /lib/libc.so.6 (0x00007f2e540ff000) libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00007f2e53efc000) /lib64/ld-linux-x86-64.so.2 (0x00007f2e54b37000) OpenSSL variant: # ldd /usr/lib/libssh2.so linux-vdso.so.1 => (0x00007fff49bff000) libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f42d9ff3000) libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f42d9c52000) libz.so.1 => /usr/lib/libz.so.1 (0x00007f42d9a3a000) libc.so.6 => /lib/libc.so.6 (0x00007f42d96d8000) libdl.so.2 => /lib/libdl.so.2 (0x00007f42d94d4000) /lib64/ld-linux-x86-64.so.2 (0x00007f42da48d000) So, for now we have to add a note to documentation. Here: http://www.zabbix.com/documentation/2.0/manual/config/items/itemtypes/ssh_checks |
Comments |
Comment by Oleksii Zagorskyi [ 2012 Apr 10 ] |
Attached (just because I have got them during debugging before) two files with difference of openssl and gcrypto usage where a private key encrypted with a passphrase. libssh2 latest version 1.4.1 compiled from sources. |
Comment by Oleksii Zagorskyi [ 2012 Apr 10 ] |
As I see the same for Ubuntu: |
Comment by Oleksii Zagorskyi [ 2012 Apr 10 ] |
This case reported in Debian bugs system: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271 |
Comment by Oleksii Zagorskyi [ 2012 Apr 10 ] |
This special case has been documented here http://www.zabbix.com/documentation/2.0/manual/config/items/itemtypes/ssh_checks Issue CLOSED for now. |
Comment by Oleksii Zagorskyi [ 2012 Apr 10 ] |
We have an answer in the http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271 |
Comment by Michael Spurlock [ 2019 Aug 19 ] |
Would it be possible to compile Zabbix against libssh-4 instead of libssh2-1 in Ubuntu (and perhaps other Debian-based distros)? The package libssh-4 is compiled against OpeenSSL and can coexist with the libssh2-1 package. |
Comment by Oleksii Zagorskyi [ 2020 Dec 15 ] |
As I see "libssh-4" package on Ubuntu 20.04 it's another library - tiny C SSH library So, it's not about packaging and/or compilation, but about using different library, which another, more complicated, story. |
Comment by Oleksii Zagorskyi [ 2020 Dec 18 ] |
It appeared that we now support libssh library ( |
Comment by Oleksii Zagorskyi [ 2020 Dec 24 ] |
Last commend in |