Installing mc breaks Rocky 9.3 x86 image on OCI

Hi,

There is a bug in OCI (Oracle Cloud Infrastructure) version of Rocky Linux 9.3 image that breaks openssh-server in single very common command.

One of the first thing I usually install on fresh Linux installations, is mc (Midnight Commander) to easily manage file system.

I wanted to try Rocky Linux for a new instance and as usual I have installed mc moment I logged in, but after I exit I was unable to login back on server using ssh anymore.

After launching few more rocky instances to test and investigating the issue, I find that mc installs OpenSSL as one of its dependency and it causes “OpenSSL version mismatch” issue for openssh-server and it makes impossible for users to login using ssh moment they install mc and end the existing session (I guess any other package with OpenSSL dependency will do the same as well).

This issue is really easy to replicate:

  1. Launch instance with “Rocky-9-OCP-Base-9.3-20231113.5.x86_64” image;

  2. Login to instance using ssh

  3. Run “sudo dnf install -y mc”

  4. exit session

  5. Try to login again using ssh

That’s it, you will get "kex_exchange_identification: read: Connection reset by peer

Connection reset by xxx.xxx.xx.xxx port 22" error moment you try to login after that.

Temporary solution is that we can run “sudo dnf install openssh-server --refresh” right after installing mc, so it fixes OpenSSL mismatch issue and user is able to login again, but it must be done before current sessions is ended after installing mc.

Just to clarify, I’m not asking support or help on this issue since I already identified problem and found temporary fix, but reason I’m opening here is that either I’m being dumb and can’t find the way to register on your bug tracker (signup link sends me to login page), or your project made it impossible to report bugs from new users. OCI support send me to your bug tracker to report, your bug tracker won’t allow me to register and here I’m :slight_smile:

I was only testing Rocky Linux instance and accidentally found this on a fresh install, but it can mess up many servers since mc is pretty popular software and used by many Linux users. Can you imagine if someone tried to install mc on a production server? Only way to gain access to prot server after this is OCI maintenace console, but you need to have password set on your users to login, but many people don’t do it since default method is key auth with NOPASSWORD sudo enabled.

I have tested version 9.5 in VirtualBox VM and I can’t replicate this issue.

Rocky 9.3 is unsupported now, probably would work if using a Rocky 9.5 image on OCI.

Alternative, once Rocky 9.3 is running, do:

dnf update

and once at 9.5, then install mc.

Sadly no option for that and Oracle says they aren’t responsible for images and their versions and blames image provider.

Please read my post at the end :slight_smile: I already tested it on 9.5 on my local machine and no issues and I personally know how to fix it as well. This is not support thread, I just like what you guys are doing with this project and don’t want people trying it have bad experience with it.

Yes I know you tested 9.5 and you said it’s OK. So:

  1. Install Rocky 9.3.5 from the OCI
  2. Run dnf update once you login to it.
  3. Now you will be on Rocky 9.5
  4. Now install mc. Does it work?

You tested locally, but not on OCI - you didn’t run dnf update. You just installed mc which mixed up packages between 9.3 and 9.5 and prob caused the problem. Hence why I asked you to update the system installed from the 9.3.5 OCI image to 9.5 and then try installing mc.

@neil do we make the OCI images for Oracle Cloud? If so, looks like we are behind somewhat as there aren’t any 9.5 images. If not, then I guess Oracle need to sort it out :man_shrugging:

Sure, I have terminated all Rocky instances but I start the new one and try that, I’m curios as well.

Yep, can confirm, update first and installing mc afterwards fixed it.

It’s apparently published by Ctrl IQ, Inc. and I guess they aren’t related to Rocky Linux foundation directly.

It would be great if your foundation can directly provide images to large cloud providers like FreeBSD foundation does for example so users won’t be stuck with unsupported version.

Funny thing is that it’s not even hidden in some marketplace images, it’s one of the default selection on instance launch page and they don’t even keep it up to date :man_facepalming: