RHEL-133144

Upgrading bind on RHEL9 breaks SSH


    • Bug
    • Resolution: Can't Do
    • Normal
    • openssl
    • Important
    • rhel-security-crypto-diamonds
    • 0.5

      Issue:
      Upgrading bind on RHEL9 breaks SSH when an older openssh package is installed (pre-8.7p1-38.el9). This occurs because openssl is upgraded to 3.5 and this causes a version mismatch:

      # journalctl -u sshd
      Dec 03 10:49:24 r93jbu01 sshd[50252]: OpenSSL version mismatch. Built against 30000070, you have 30500010
      

      I understand that the issue has been fixed in RHBA-2024:2419 /
      openssh-8.7p1-38.el9 but I believe the issue should be avoided by adding openssh as a dependency.

      Reproduction steps
      Initial packages:

      
      # rpm -q openssh -q openssl -q bind
      openssh-8.7p1-34.el9.x86_64
      openssl-3.0.7-24.el9.x86_64
      bind-9.16.23-14.el9_3.x86_64
      

      Update command:

      # dnf update bind
      Upgrading:
       bind                                     x86_64                 32:9.16.23-34.el9_7.1
       bind-dnssec-doc                          noarch                 32:9.16.23-34.el9_7.1
       bind-dnssec-utils                        x86_64                 32:9.16.23-34.el9_7.1
       bind-libs                                x86_64                 32:9.16.23-34.el9_7.1
       bind-license                             noarch                 32:9.16.23-34.el9_7.1
       bind-utils                               x86_64                 32:9.16.23-34.el9_7.1
       openssl                                  x86_64                 1:3.5.1-4.el9_7
       openssl-devel                            x86_64                 1:3.5.1-4.el9_7
       openssl-libs                             x86_64                 1:3.5.1-4.el9_7
       python3-bind                             noarch                 32:9.16.23-34.el9_7.1
      Installing dependencies:
       openssl-fips-provider                    x86_64                 3.0.7-8.el9
       openssl-fips-provider-so                 x86_64                 3.0.7-8.el9
      

      After upgrade, SSH connections fail and the journal shows:

      
      # journalctl -u sshd
      Dec 03 10:49:24 r93jbu01 sshd[50252]: OpenSSL version mismatch. Built against 30000070, you have 30500010
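
Added example, not part of the original report and not code from openssh or the RHEL packages: a POSIX shell script that extracts the two hex values from the journal line above and decodes them with the OpenSSL 3.x `0xMNN00PP0` version-number layout, showing that they correspond to the 3.0.7 and 3.5.1 packages in the transcript. The `strict` and `relaxed` policies are hypothetical, added to illustrate how a built-versus-runtime comparison that includes the minor field rejects this pair while a major-only comparison accepts it.

```shell
#!/bin/sh
# Constructed sample input: the sshd journal line quoted in the report.
SAMPLE='Dec 03 10:49:24 r93jbu01 sshd[50252]: OpenSSL version mismatch. Built against 30000070, you have 30500010'

# Print "<built> <runtime>" (hex, as logged); fail if the line is not a mismatch report.
extract_versions() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL version mismatch\. Built against \([0-9a-fA-F]\{1,\}\), you have \([0-9a-fA-F]\{1,\}\).*/\1 \2/p' |
        grep .
}

# Decode an OpenSSL 3.x version number (layout 0xMNN00PP0) into major.minor.patch.
decode_openssl_version() {
    v=$((0x$1))
    echo "$(( (v >> 28) & 0xf )).$(( (v >> 20) & 0xff )).$(( (v >> 4) & 0xff ))"
}

# Hypothetical comparison policies (assumptions for illustration only):
#   strict  - major, minor and the low nibble must be equal
#   relaxed - only major and the low nibble must be equal
compatible() {  # $1 = policy, $2 = built-against hex, $3 = runtime hex
    case $1 in
        strict)  mask=$((0xfff0000f)) ;;
        relaxed) mask=$((0xf000000f)) ;;
        *)       return 2 ;;
    esac
    [ $(( 0x$2 & mask )) -eq $(( 0x$3 & mask )) ]
}

# Summarise one journal line: decoded versions and the verdict of each policy.
explain_mismatch() {  # $1 = journal line
    pair=$(extract_versions "$1") || return 1
    built=${pair% *}
    runtime=${pair#* }
    echo "built against: $(decode_openssl_version "$built")"
    echo "runtime:       $(decode_openssl_version "$runtime")"
    for policy in strict relaxed; do
        if compatible "$policy" "$built" "$runtime"; then
            echo "$policy: accepted"
        else
            echo "$policy: rejected"
        fi
    done
}

explain_mismatch "$SAMPLE"
```

To scan a live host, feed each line of `journalctl -u sshd` to `explain_mismatch`; lines that are not mismatch reports make it return non-zero without output.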
      

              dbelyavs@redhat.com Dmitry Belyavskiy
              rhn-support-jburati Johan Burati
              Dmitry Belyavskiy
              Georgios Stavros Pantelakis