[PATCH rhel7-alpha2-branch] Start ssh with systemd, not in anaconda (#824580)

In this take:

1) sshd is started always, regardless of sshd boot option,
(as in s390x) with empty root password.

2) sshpw kickstart command works, so root/users passwords can be set,
but this happens in anaconda, so between the time sshd is started and
anaconda is run there is root ssh access without a password.

Is this ok for alpha2?
To achieve original behaviour we'll need to parse sshd option in dracut and
change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut.
Setting passwords (at least for root) already in dracut may be needed.
I'd need to consult this with Will, or leave it to him.

Resolves: rhbz#824580
---
 data/systemd/anaconda.target |    1 +
 pyanaconda/sshd.py           |   46 ++++-------------------------------------
 2 files changed, 6 insertions(+), 41 deletions(-)

diff --git a/data/systemd/anaconda.target b/data/systemd/anaconda.target
index 983ff3b..1af847d 100644
--- a/data/systemd/anaconda.target
+++ b/data/systemd/anaconda.target
@@ -9,3 +9,4 @@ Wants=rsyslog.service
 Wants=udev-settle.service
 Wants=NetworkManager.service
 Wants=plymouth-quit.service plymouth-quit-wait.service
+Wants=sshd.service
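
Review bot: the added `Wants=sshd.service` is unconditional, so sshd comes up on every installer boot whether or not the sshd boot option was given, and per the commit message it does so with an empty root password. Until the option is parsed in dracut, consider gating the start on the kernel command line (for example a `ConditionKernelCommandLine=sshd` in the unit shipped in the installer image) so the default stays off. Nothing in this target orders sshd relative to the step that sets passwords either.
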
diff --git a/pyanaconda/sshd.py b/pyanaconda/sshd.py
index b6c9372..300d943 100644
--- a/pyanaconda/sshd.py
+++ b/pyanaconda/sshd.py
@@ -23,34 +23,16 @@ import logging
 import os, sys
 log = logging.getLogger("anaconda")
 
-import iutil
 import users
 from flags import flags
 from constants import ROOT_PATH
 
-def createSshKey(algorithm, keyfile):
-    path = '/etc/ssh/%s' % (keyfile,)
-    argv = ['-q','-t',algorithm,'-f',path,'-C','','-N','']
-    if os.access(path, os.R_OK):
-        return
-    log.debug("running \"%s\"" % (" ".join(['ssh-keygen']+argv),))
-
-    so = "/tmp/ssh-keygen-%s-stdout.log" % (algorithm,)
-    se = "/tmp/ssh-keygen-%s-stderr.log" % (algorithm,)
-    iutil.execWithRedirect('ssh-keygen', argv, stdout=so, stderr=se)
-
 def doSshd(anaconda):
-    if flags.sshd:
-        # we need to have a libuser.conf that points to the installer root for
-        # sshpw, but after that we start sshd, we need one that points to the
-        # install target.
-        luserConf = users.createLuserConf(instPath="")
-        handleSshPw(anaconda)
-        startSsh()
-        del(os.environ["LIBUSER_CONF"])
-    else:
-        log.info("sshd: not enabled, skipping.")
-
+    # we need to have a libuser.conf that points to the installer root for
+    # sshpw, but after that we need one that points to the install target.
+    luserConf = users.createLuserConf(instPath="")
+    handleSshPw(anaconda)
+    del(os.environ["LIBUSER_CONF"])
     users.createLuserConf(ROOT_PATH)
 
 def handleSshPw(anaconda):
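
Review bot: in doSshd, dropping the `if flags.sshd:` guard leaves handleSshPw(anaconda) running after sshd.service has already been started by the target, so sshpw passwords are applied only once the daemon is reachable. Either move the password setup ahead of the sshd start or state that ordering in the doSshd comment so the window is explicit. Removing createSshKey also makes host key creation depend on what sshd.service does in the installer environment, which should be confirmed, and `from flags import flags` should be checked for remaining users in this file.
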
@@ -70,21 +52,3 @@ def handleSshPw(anaconda):
             u.createUser(ud.username, **kwargs)
 
     del u
-
-def startSsh():
-    if iutil.isS390():
-        return
-
-    if not iutil.fork_orphan():
-        os.open("/var/log/lastlog", os.O_RDWR | os.O_CREAT, 0644)
-        ssh_keys = {
-            'rsa1':'ssh_host_key',
-            'rsa':'ssh_host_rsa_key',
-            'dsa':'ssh_host_dsa_key',
-            }
-        for (algorithm, keyfile) in ssh_keys.items():
-            createSshKey(algorithm, keyfile)
-        sshd = iutil.find_program_in_path("sshd")
-        args = [sshd, "-f", "/etc/ssh/sshd_config.anaconda"]
-        os.execv(sshd, args)
-        sys.exit(1)
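
Review bot: the removed startSsh launched sshd with `-f /etc/ssh/sshd_config.anaconda` and returned early on s390, and nothing in this patch replaces either behaviour. Please confirm that the sshd.service pulled in by anaconda.target reads sshd_config.anaconda rather than the default configuration, otherwise the installer-specific settings are silently dropped. With `sys.exit(1)` gone, `sys` in `import os, sys` may now be unused.
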
-- 
1.7.4

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list

