Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1383641
Summary: | ed25519 and ecdsa OpenSSH keys are not pregenerated | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Dan Horák <dan> |
Component: | lorax | Assignee: | Brian Lane <bcl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 25 | CC: | anaconda-maint-list, bcl, jstodola |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | s390x | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | lorax-25.17-1 lorax-25.17-1.fc25 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-10-26 22:31:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 467765, 1378351 |
Description
Dan Horák
2016-10-11 10:17:33 UTC
You certainly don't want to include keygen as part of the image creation process. Then everyone will get the same keys. Make sure the iso you are using was created using lorax-25.16-1 or later. *** This bug has been marked as a duplicate of bug 1378378 *** (In reply to Brian Lane from comment #1) > You certainly don't want to include keygen as part of the image creation > process. Then everyone will get the same keys. Shouldn't we then remove the whole key-creation section in runtime-postinstall.tmpl for s390(x) mentioned above? (In reply to Dan Horák from comment #2) > (In reply to Brian Lane from comment #1) > > You certainly don't want to include keygen as part of the image creation > > process. Then everyone will get the same keys. > > Shouldn't we then remove the whole key-creation section in > runtime-postinstall.tmpl for s390(x) mentioned above? I would think so, but since I'm not exactly sure *why* that code is there someone with s390 access will have to give it a try to make sure it doesn't break anything. Log from booting a refreshed install.img after updating post-install lorax template ... Starting Anaconda NetworkManager configuration... Starting Service enabling compressing RAM with zRam... Starting Terminate Plymouth Boot Screen... Starting pre-anaconda logging service... Starting OpenSSH ecdsa Server Key Generation... [ [0;32m OK [0m] Started Hardware RNG Entropy Gatherer Daemon. Starting Hold until boot process finishes up... Starting OpenSSH ed25519 Server Key Generation... Starting OpenSSH rsa Server Key Generation... Starting System Logging Service... Starting Login Service... [ 33.533897] anaconda[1680]: Starting installer, one moment... [ 33.535137] anaconda[1680]: 12:02:42 Please ssh install@devel3 (a.b.c.d) to begin the install. Will send a pull request ASAP. See https://github.com/rhinstaller/lorax/pull/165 for the dropping of ssh keygen in the image. Thanks for testing that! lorax-25.17-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a0a45fcbe lorax-25.17-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. |