Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-46329

[RFE] SFTP with curl-7.29.0-59.el7_9.2.x86_64 does not work with RHEL 9 Hosts (DUE to SHA1 Cipher)

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • rhel-7.9.z
    • rhel-7.9
    • curl
    • None
    • None
    • FutureFeature
    • sst_cs_plumbers
    • ssg_core_services
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • x86_64
    • None

      What were you trying to do that didn't work?

      The customer is having an issue with curl `curl-7.29.0-59.el7_9.2.x86_64` where if they attempt to connect to a RHEL 9 machine who does not allow (SHA1) ciphers the client machine is not able to connect properly and returns with this error:
      ```
      curl: (2) Failure establishing ssh session
      ```

      This is the command the customer uses:
      ```
      $ curl -v -k -u [USER] -T [FILE] sftp://[HOST]
      ```

      In the host logs we see disconnects from SSHD:
      `Received disconnect from  [CLIENT] port [PORT]:11: Unsupported cipher [preauth]`

      This issue is fixed by enabling the hosts to still use (SHA1), `# update-crypto-policies --set LEGACY`.

      however, what is noticed that the Client machine is able to connect to the RHEL 9 machine without any issues using `SSH` or `SFTP` it only affects `curl`.

      This issue does not replicate on RHEL 9 client machines connecting to RHEL 9 host machines. 

      Please provide the package NVR for which bug is seen:

        • `curl-7.29.0-59.el7_9.2.x86_64`*

          How reproducible:

      This issue has been reproduced on multiple client machines running RHEL 7

      Steps to reproduce

      1. Client machine connect to RHEL 9 machine via SFTP via curl.

      Expected results

        • Client Machine should be able to connect to RHEL 9 machine using newer ciphers (Excluding SHA1)*

      Actual results

        • Client machines using curl `curl-7.29.0-59.el7_9.2.x86_64` are having the cipher used by SFTP be rejected by RHEL 9 machine with DEFAULT `cipher` list.*

            se-cs-plumbers se-cs-plumbers se-cs-plumbers
            rhn-support-chchiu Chen Chiu
            Jacek Migacz Jacek Migacz
            se-cs-plumbers se-cs-plumbers se-cs-plumbers se-cs-plumbers
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: