backends: LXD: fix SSH login for ubuntu-22.04 #179

Closed

@thp-canonical thp-canonical commented Feb 21, 2024

This fixes the issue that SSH login wouldn't work after an ubuntu-22.04 image is deployed.

While tuneSSH() tries to set PasswordAuthentication to yes in /etc/ssh/sshd_config, Ubuntu 22.04 images in LXD have a file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf that contains "PasswordAuthentication no", and this file is sourced by /etc/ssh/sshd_config.

Fix this by also seding all files matching /etc/ssh/sshd_config.d/*, but ignore failures of this command, as Ubuntu 20.04 and older don't have /etc/ssh/sshd_config.d (or files that match the glob above).

Related links: https://superuser.com/a/1828947

@thp-canonical

Related issue in other backends, probably we should align with those:

@thp-canonical thp-canonical force-pushed the lxd-ubuntu-22.04-tune-ssh branch 2 times, most recently from b0438af to c6220b5 Compare February 26, 2024 08:19

slyon commented Mar 13, 2024

I'm interested in this fix. It sounds like it could fix the spread test issue we're seeing in Netplan's CI:

Run ~/go/bin/spread -v lxd:
2024-03-13 13:22:35 Found /home/runner/work/netplan/netplan/spread.yaml.
2024-03-13 13:22:35 Project content is packed for delivery (1.01MB).
2024-03-13 13:22:35 Sequence of jobs produced with -seed=1710336155
2024-03-13 13:22:35 If killed, discard servers with: spread -reuse-pid=4596 -discard
2024-03-13 13:22:35 Allocating lxd:ubuntu-22.04...
2024-03-13 13:22:37 Cannot find cached LXD image for lxd:ubuntu-22.04.
2024-03-13 13:23:03 Waiting for lxd container spread-1-ubuntu-22-04 to have an address...
2024-03-13 13:23:05 Allocated lxd:ubuntu-22.04 (spread-1-ubuntu-22-04).
2024-03-13 13:23:05 Connecting to lxd:ubuntu-22.04 (spread-1-ubuntu-22-04)...
2024-03-13 13:24:05 Discarding lxd:ubuntu-22.04 (spread-1-ubuntu-22-04), cannot connect: cannot connect to lxd:ubuntu-22.04 (spread-1-ubuntu-22-04): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
2024-03-13 13:24:08 Successful tasks: 0
error: unsuccessful run
2024-03-13 13:24:08 Aborted tasks: 2
Error: Process completed with exit code 1.

@ZeyadYasser ZeyadYasser left a comment

Thank you for catching this. Maybe let's wait for the fix to be merged in the google backend #155, and then backport it to all other providers so that the fix is consistent across all of them?

@ZeyadYasser ZeyadYasser left a comment

Thanks a lot for the fix, just a small nitpick

Co-authored-by: Zeyad Yasser <zeyady98@gmail.com>
@ZeyadYasser ZeyadYasser left a comment

LGTM, Thank you!

slyon added a commit to slyon/netplan that referenced this pull request May 21, 2024
slyon added a commit to canonical/netplan that referenced this pull request May 21, 2024
daniloegea pushed a commit to canonical/netplan that referenced this pull request Jul 3, 2024
@verterok
Hi,
This is affecting me and my team too.
Any chance to get this landed?

Thanks!

@@ -482,6 +482,8 @@ func (p *lxdProvider) serverJSON(name string) (*lxdServerJSON, error) {
func (p *lxdProvider) tuneSSH(name string) error {
cmds := [][]string{
{"sed", "-i", `s/^\s*#\?\s*\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/`, "/etc/ssh/sshd_config"},
{"/bin/bash", "-c", `sed -i 's/^\s*\(PermitRootLogin\|PasswordAuthentication\)\>.*/# COMMENTED OUT BY SPREAD: \0/' /etc/ssh/sshd_config.d/* || true`},
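Review bot: In the `/bin/bash -c` command, the trailing `|| true` hides every sed failure, not only the missing `/etc/ssh/sshd_config.d` case on Ubuntu 20.04 and older, so a drop-in that could not be rewritten still leaves `PasswordAuthentication no` in force while tuneSSH reports success. Consider testing for the directory first (for example `[ -d /etc/ssh/sshd_config.d ]`) and letting a real sed error propagate. The pattern is also case-sensitive while sshd matches keywords case-insensitively, so a `passwordauthentication no` line would not be commented out; GNU sed's `I` flag on the substitution covers that.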
Collaborator

The SSH daemon uses the first value it finds for a given configuration entry if it appears multiple times, so just adding the 00 line below should be enough?
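
The precedence discussed in this thread (drop-ins pulled in from sshd_config, first value wins), as an added Go example that is not code from spread or from any participant. It assumes the Include line sits above the setting in sshd_config, uses constructed in-memory file contents, and the names `firstValue` and `sample` are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// firstValue resolves keyword the way the thread describes sshd doing it:
// an Include is expanded in place (matches in lexical order) and the first
// occurrence wins. Simplified: in-memory files, no Match blocks, no quoting.
func firstValue(files map[string]string, file, keyword string) (val, src string, ok bool) {
	for _, line := range strings.Split(files[file], "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || strings.HasPrefix(f[0], "#") {
			continue // blank line, comment, or keyword without an argument
		}
		if strings.EqualFold(f[0], keyword) {
			return f[1], file, true
		}
		var included []string // stays empty unless this line is an Include
		for name := range files {
			if m, _ := path.Match(f[1], name); m && name != file && strings.EqualFold(f[0], "Include") {
				included = append(included, name)
			}
		}
		sort.Strings(included)
		for _, name := range included {
			if v, s, found := firstValue(files, name, keyword); found {
				return v, s, true
			}
		}
	}
	return "", "", false
}

// sample is constructed data: sshd_config as tuneSSH's first sed leaves it.
func sample(dropIn string) map[string]string {
	return map[string]string{
		"/etc/ssh/sshd_config": "Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication yes\n",
		"/etc/ssh/sshd_config.d/60-cloudimg-settings.conf": dropIn,
	}
}

func main() {
	v, src, _ := firstValue(sample("PasswordAuthentication no\n"), "/etc/ssh/sshd_config", "PasswordAuthentication")
	fmt.Printf("PasswordAuthentication %s (from %s)\n", v, src)
}
```

With the drop-in line commented out as in the hunk above, the same call falls through to the value in sshd_config; a lexically earlier drop-in that sets the value would win instead.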

@cmatsuoka
Collaborator

Superseded by #184

@cmatsuoka cmatsuoka closed this Dec 11, 2024