Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1331753

Summary: anaconda should not depend on legacy sshd-keygen script during install
Product: [Fedora] Fedora Reporter: Jakub Jelen <jjelen>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 25CC: anaconda-maint-list, extras-qa, g.kaviyarasu, jjelen, jonathan, jstodola, mattias.ellert, mgrepl, plautrba, rvykydal, tmraz, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1331077 Environment:
Last Closed: 2017-12-12 10:47:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1359762, 1378378    
Bug Blocks:    

Description Jakub Jelen 2016-04-29 12:45:38 UTC 
+++ This bug was initially created as a clone of Bug #1331077 +++

Description of problem:
sshd fails to start during installation with the inst.sshd option on the kernel command line:

[anaconda root@localhost /]# systemctl status anaconda-sshd
● anaconda-sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/anaconda-sshd.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2016-04-27 15:33:21 UTC; 15min ago
  Process: 1530 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=203/EXEC)

Apr 27 15:33:21 localhost systemd[1]: Starting OpenSSH server daemon...
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Control process exited, code=exited status=203
Apr 27 15:33:21 localhost systemd[1]: Failed to start OpenSSH server daemon.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Unit entered failed state.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Failed with result 'exit-code'.
[anaconda root@localhost /]# systemctl status anaconda-sshd

From journalctl:
...
systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning /usr/sbin/sshd-keygen: No such file or directory
...

This seems to be related to changes in openssh, bug 1325535

Version-Release number of selected component (if applicable):
anaconda 24.13.4-1
openssh-7.2p2-4.fc24

How reproducible:
always

Steps to Reproduce:
1. append "inst.sshd" on the kernel command line when starting the installation
2. try to log in via ssh when the installer starts

Actual results:
connections refused, sshd not running

Expected results:
able to connect, sshd is running

Additional info:
This issue makes it harder to debug installer related issues, and it prevents from manual installation on s390x, since login via ssh is necessary to proceed with manual installation.

--- Additional comment from Jakub Jelen on 2016-04-28 10:46:18 CEST ---

(In reply to David Shea from comment #3)
> (In reply to Jan Stodola from comment #0)
> > From journalctl:
> > ...
> > systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning
> > /usr/sbin/sshd-keygen: No such file or directory
> > ...
> 
> How about openssh doesn't remove essential scripts without a change request
> or something.

Yes, that would be nice. I agree that the change came quite late [1]. Sorry about that. But as we are already there, it would be nice if anaconda would sync up with openssh.

Earlier we got report (bug #1066615), that we should not call sshd-keygen as ExecStartPre, which should have been probably reflected in anaconda unit earlier (is the discussed unit this one [2]?). Can anaconda-sshd start also after sshd-keygen.target as normal sshd does it now [3]?

[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/RAVATCRUEWV7FX56Z2BV32RWPTT2YGAO/#2AHH4AFYYDWPE6SUG3ZCQJKNAXNUWDT7
[2] https://github.com/rhinstaller/anaconda/blob/master/data/systemd/anaconda-sshd.service
[3] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/sshd.service#n5
Comment 1 Jan Kurik 2016-07-26 04:04:49 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
Comment 2 Jakub Jelen 2016-07-26 07:27:33 UTC 
FYI, I am removing the sshd-keygen from Rawhide and F25 today. It would be great to have the change [1] (recently merged upstream), also in Fedora 25 soon to prevent failures.

[1] https://github.com/rhinstaller/anaconda/pull/701
Comment 3 Radek Vykydal 2016-09-22 09:19:24 UTC 
https://github.com/rhinstaller/lorax/issues/153
runtime-cleanup.tmpl removes sshd-keygen, breaks sshd
Comment 4 Radek Vykydal 2016-09-22 12:01:19 UTC 
(In reply to Radek Vykydal from comment #3)
> https://github.com/rhinstaller/lorax/issues/153
> runtime-cleanup.tmpl removes sshd-keygen, breaks sshd

Filed bug 1378378.
Comment 5 Fedora End Of Life 2017-12-12 10:47:52 UTC 
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.