In this take:
1) sshd is started always, regardless of sshd boot option,
(as in s390x) with empty root password.
2) sshpw kickstart command works, so root/users passwords can be set,
but this happens in anaconda so between sshd and anaconda is run
there is root ssh access without password.
Is this ok for alpha2?
To achieve original behaviour we'll need to parse sshd option in dracut and
change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut.
Setting passwords (at least for root) already in dracut may be needed.
I'd need to consult this with Will, or leave it to him.
Resolves: rhbz#824580
---
data/systemd/anaconda.target | 1 +
pyanaconda/sshd.py | 46 ++++-------------------------------------
2 files changed, 6 insertions(+), 41 deletions(-)
diff --git a/data/systemd/anaconda.target b/data/systemd/anaconda.target
index 983ff3b..1af847d 100644
--- a/data/systemd/anaconda.target
+++ b/data/systemd/anaconda.target
@@ -9,3 +9,4 @@ Wants=rsyslog.service
Wants=udev-settle.service
Wants=NetworkManager.service
Wants=plymouth-quit.service plymouth-quit-wait.service
+Wants=sshd.service
diff --git a/pyanaconda/sshd.py b/pyanaconda/sshd.py
index b6c9372..300d943 100644
--- a/pyanaconda/sshd.py
+++ b/pyanaconda/sshd.py
@@ -23,34 +23,16 @@ import logging
import os, sys
log = logging.getLogger("anaconda")
-import iutil
import users
from flags import flags
from constants import ROOT_PATH
-def createSshKey(algorithm, keyfile):
- path = '/etc/ssh/%s' % (keyfile,)
- argv = ['-q','-t',algorithm,'-f',path,'-C','','-N','']
- if os.access(path, os.R_OK):
- return
- log.debug("running \"%s\"" % (" ".join(['ssh-keygen']+argv),))
-
- so = "/tmp/ssh-keygen-%s-stdout.log" % (algorithm,)
- se = "/tmp/ssh-keygen-%s-stderr.log" % (algorithm,)
- iutil.execWithRedirect('ssh-keygen', argv, stdout=so, stderr=se)
-
def doSshd(anaconda):
- if flags.sshd:
- # we need to have a libuser.conf that points to the installer root for
- # sshpw, but after that we start sshd, we need one that points to the
- # install target.
- luserConf = users.createLuserConf(instPath="")
- handleSshPw(anaconda)
- startSsh()
- del(os.environ["LIBUSER_CONF"])
- else:
- log.info("sshd: not enabled, skipping.")
-
+ # we need to have a libuser.conf that points to the installer root for
+ # sshpw, but after that we need one that points to the install target.
+ luserConf = users.createLuserConf(instPath="")
+ handleSshPw(anaconda)
+ del(os.environ["LIBUSER_CONF"])
users.createLuserConf(ROOT_PATH)
def handleSshPw(anaconda):
@@ -70,21 +52,3 @@ def handleSshPw(anaconda):
u.createUser(ud.username, **kwargs)
del u
-
-def startSsh():
- if iutil.isS390():
- return
-
- if not iutil.fork_orphan():
- os.open("/var/log/lastlog", os.O_RDWR | os.O_CREAT, 0644)
- ssh_keys = {
- 'rsa1':'ssh_host_key',
- 'rsa':'ssh_host_rsa_key',
- 'dsa':'ssh_host_dsa_key',
- }
- for (algorithm, keyfile) in ssh_keys.items():
- createSshKey(algorithm, keyfile)
- sshd = iutil.find_program_in_path("sshd")
- args = [sshd, "-f", "/etc/ssh/sshd_config.anaconda"]
- os.execv(sshd, args)
- sys.exit(1)
--
1.7.4
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
