1) sshd is started always, regardless of sshd boot option,
(as in s390x) with empty root password.
2) sshpw kickstart command works, so root/users passwords can be set,
but this happens in anaconda so between sshd and anaconda is run
there is root ssh access without password.
Is this ok for alpha2?
To achieve original behaviour we'll need to parse sshd option in dracut and
change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut.
Setting passwords (at least for root) already in dracut may be needed.
I'd need to consult this with Will, or leave it to him.
-import iutil
import users
from flags import flags
from constants import ROOT_PATH
-def createSshKey(algorithm, keyfile):
- path = '/etc/ssh/%s' % (keyfile,)
- argv = ['-q','-t',algorithm,'-f',path,'-C',','-N',']
- if os.access(path, os.R_OK):
- return
- log.debug("running "%s"" % (" ".join(['ssh-keygen']+argv),))
-
- so = "/tmp/ssh-keygen-%s-stdout.log" % (algorithm,)
- se = "/tmp/ssh-keygen-%s-stderr.log" % (algorithm,)
- iutil.execWithRedirect('ssh-keygen', argv, stdout=so, stderr=se)
-
def doSshd(anaconda):
- if flags.sshd:
- # we need to have a libuser.conf that points to the installer root for
- # sshpw, but after that we start sshd, we need one that points to the
- # install target.
- luserConf = users.createLuserConf(instPath="")
- handleSshPw(anaconda)
- startSsh()
- del(os.environ["LIBUSER_CONF"])
- else:
- log.info("sshd: not enabled, skipping.")
-
+ # we need to have a libuser.conf that points to the installer root for
+ # sshpw, but after that we need one that points to the install target.
+ luserConf = users.createLuserConf(instPath="")
+ handleSshPw(anaconda)
+ del(os.environ["LIBUSER_CONF"])
users.createLuserConf(ROOT_PATH)
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
05-30-2012, 03:26 AM
Jesse Keating
Start ssh with systemd, not in anaconda (#824580)
On 05/29/2012 05:36 AM, Radek Vykydal wrote:
In this take:
1) sshd is started always, regardless of sshd boot option,
(as in s390x) with empty root password.
2) sshpw kickstart command works, so root/users passwords can be set,
but this happens in anaconda so between sshd and anaconda is run
there is root ssh access without password.
Is this ok for alpha2?
To achieve original behaviour we'll need to parse sshd option in dracut and
change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut.
Setting passwords (at least for root) already in dracut may be needed.
I'd need to consult this with Will, or leave it to him.
In the s390 case we don't want anaconda to start, what we want is the
sshd server brought up, and a message displayed to the user to ssh in as
install@<host>. The install user has a shell set to launch anaconda.
What I've been playing with locally is changing what the
anaconda@.service executes. I created a simple anaconda.sh that will
just echo "Please ssh -x install@<host> to start Anaconda", and I makde
the anaconda@.service execute that. Then /sbin/anaconda gets launched
by the install user.
What we could do is a bit more of a shim in /sbin/anaconda or
/sbin/anaconda.sh or wherever. If the arch is s390, then it'll do the
echo and exit, but if it's not s390 then it'll continue on to actually
launch anaconda.
I don't think this solves the root password problem, but as you said we
can move that into dracut for parsing, so that it can be done prior to
sshd service bring up. The dracut parsing could also set a file or flag
for the sshd service to be enabled/disabled, again if s390 forcing it
on. Not quite sure what this would look like, just an idea.
--
Jesse Keating
Fedora -- Freedom˛ is a feature!
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
This part is fine, provided we can find some way to toggle it on/off
from dracut (if that's still desired, not sure how sshd would work if
there is no network brought up)
-import iutil
import users
from flags import flags
from constants import ROOT_PATH
-def createSshKey(algorithm, keyfile):
- path = '/etc/ssh/%s' % (keyfile,)
- argv = ['-q','-t',algorithm,'-f',path,'-C',','-N',']
- if os.access(path, os.R_OK):
- return
- log.debug("running "%s"" % (" ".join(['ssh-keygen']+argv),))
-
- so = "/tmp/ssh-keygen-%s-stdout.log" % (algorithm,)
- se = "/tmp/ssh-keygen-%s-stderr.log" % (algorithm,)
- iutil.execWithRedirect('ssh-keygen', argv, stdout=so, stderr=se)
-
def doSshd(anaconda):
- if flags.sshd:
- # we need to have a libuser.conf that points to the installer root for
- # sshpw, but after that we start sshd, we need one that points to the
- # install target.
- luserConf = users.createLuserConf(instPath="")
- handleSshPw(anaconda)
- startSsh()
- del(os.environ["LIBUSER_CONF"])
- else:
- log.info("sshd: not enabled, skipping.")
-
+ # we need to have a libuser.conf that points to the installer root for
+ # sshpw, but after that we need one that points to the install target.
+ luserConf = users.createLuserConf(instPath="")
+ handleSshPw(anaconda)
+ del(os.environ["LIBUSER_CONF"])
users.createLuserConf(ROOT_PATH)
Start ssh with systemd, not in anaconda (#824580)
