In this take: 1) sshd is started always, regardless of sshd boot option, (as in s390x) with empty root password. 2) sshpw kickstart command works, so root/users passwords can be set, but this happens in anaconda so between sshd and anaconda is run there is root ssh access without password. Is this ok for alpha2? To achieve original behaviour we'll need to parse sshd option in dracut and change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut. Setting passwords (at least for root) already in dracut may be needed. I'd need to consult this with Will, or leave it to him. Resolves: rhbz#824580 --- data/systemd/anaconda.target | 1 + pyanaconda/sshd.py | 46 ++++------------------------------------- 2 files changed, 6 insertions(+), 41 deletions(-) diff --git a/data/systemd/anaconda.target b/data/systemd/anaconda.target index 983ff3b..1af847d 100644 --- a/data/systemd/anaconda.target +++ b/data/systemd/anaconda.target @@ -9,3 +9,4 @@ Wants=rsyslog.service Wants=udev-settle.service Wants=NetworkManager.service Wants=plymouth-quit.service plymouth-quit-wait.service +Wants=sshd.service diff --git a/pyanaconda/sshd.py b/pyanaconda/sshd.py index b6c9372..300d943 100644 --- a/pyanaconda/sshd.py +++ b/pyanaconda/sshd.py @@ -23,34 +23,16 @@ import logging import os, sys log = logging.getLogger("anaconda") -import iutil import users from flags import flags from constants import ROOT_PATH -def createSshKey(algorithm, keyfile): - path = '/etc/ssh/%s' % (keyfile,) - argv = ['-q','-t',algorithm,'-f',path,'-C','','-N',''] - if os.access(path, os.R_OK): - return - log.debug("running \"%s\"" % (" ".join(['ssh-keygen']+argv),)) - - so = "/tmp/ssh-keygen-%s-stdout.log" % (algorithm,) - se = "/tmp/ssh-keygen-%s-stderr.log" % (algorithm,) - iutil.execWithRedirect('ssh-keygen', argv, stdout=so, stderr=se) - def doSshd(anaconda): - if flags.sshd: - # we need to have a libuser.conf that points to the installer root for - # sshpw, but after that we start sshd, we need one that points to the - # install target. - luserConf = users.createLuserConf(instPath="") - handleSshPw(anaconda) - startSsh() - del(os.environ["LIBUSER_CONF"]) - else: - log.info("sshd: not enabled, skipping.") - + # we need to have a libuser.conf that points to the installer root for + # sshpw, but after that we need one that points to the install target. + luserConf = users.createLuserConf(instPath="") + handleSshPw(anaconda) + del(os.environ["LIBUSER_CONF"]) users.createLuserConf(ROOT_PATH) def handleSshPw(anaconda): @@ -70,21 +52,3 @@ def handleSshPw(anaconda): u.createUser(ud.username, **kwargs) del u - -def startSsh(): - if iutil.isS390(): - return - - if not iutil.fork_orphan(): - os.open("/var/log/lastlog", os.O_RDWR | os.O_CREAT, 0644) - ssh_keys = { - 'rsa1':'ssh_host_key', - 'rsa':'ssh_host_rsa_key', - 'dsa':'ssh_host_dsa_key', - } - for (algorithm, keyfile) in ssh_keys.items(): - createSshKey(algorithm, keyfile) - sshd = iutil.find_program_in_path("sshd") - args = [sshd, "-f", "/etc/ssh/sshd_config.anaconda"] - os.execv(sshd, args) - sys.exit(1) -- 1.7.4 _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list