backends: LXD: fix SSH login for ubuntu-22.04 #179

Closed
thp-canonical wants to merge 2 commits into canonical:master from thp-canonical:lxd-ubuntu-22.04-tune-ssh

thp-canonical commented Feb 21, 2024

This fixes the issue that SSH login wouldn't work after an ubuntu-22.04 image is deployed.

While tuneSSH() tries to set PasswordAuthentication to yes in /etc/ssh/sshd_config, Ubuntu 22.04 images in LXD have a file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf that contains "PasswordAuthentication no", and this file is sourced by /etc/ssh/sshd_config.

Fix this by also seding all files matching /etc/ssh/sshd_config.d/*, but ignore failures of this command, as Ubuntu 20.04 and older don't have /etc/ssh/sshd_config.d (or files that match the glob above).

Related links: https://superuser.com/a/1828947

@thp-canonical

Related issue in other backends, probably we should align with those:

thp-canonical force-pushed the lxd-ubuntu-22.04-tune-ssh branch 2 times, most recently from b0438af to c6220b5 (February 26, 2024 08:19)


slyon commented Mar 13, 2024

I'm interested in this fix. It sounds like it could fix the spread test issue we're seeing in Netplan's CI:

Run ~/go/bin/spread -v lxd:
2024-03-13 13:22:35 Found /home/runner/work/netplan/netplan/spread.yaml.
2024-03-13 13:22:35 Project content is packed for delivery (1.01MB).
2024-03-13 13:22:35 Sequence of jobs produced with -seed=1710336155
2024-03-13 13:22:35 If killed, discard servers with: spread -reuse-pid=4596 -discard
2024-03-13 13:22:35 Allocating lxd:ubuntu-22.04...
2024-03-13 13:22:37 Cannot find cached LXD image for lxd:ubuntu-22.04.
2024-03-13 13:23:03 Waiting for lxd container spread-1-ubuntu-22-04 to have an address...
2024-03-13 13:23:05 Allocated lxd:ubuntu-22.04 (spread-1-ubuntu-22-04).
2024-03-13 13:23:05 Connecting to lxd:ubuntu-22.04 (spread-1-ubuntu-22-04)...
2024-03-13 13:24:05 Discarding lxd:ubuntu-22.04 (spread-1-ubuntu-22-04), cannot connect: cannot connect to lxd:ubuntu-22.04 (spread-1-ubuntu-22-04): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
2024-03-13 13:24:08 Successful tasks: 0
error: unsuccessful run
2024-03-13 13:24:08 Aborted tasks: 2
Error: Process completed with exit code 1.

ZeyadYasser left a comment

Thank you for catching this. Maybe let's wait for the fix to be merged in the google backend (#155) and then backport it to all other providers, so that the fix is consistent across all of them?

ZeyadYasser left a comment

Thanks a lot for the fix, just a small nitpick

Co-authored-by: Zeyad Yasser <[email protected]>

ZeyadYasser left a comment

LGTM, Thank you!

slyon added a commit to slyon/netplan that referenced this pull request May 21, 2024
slyon added a commit to canonical/netplan that referenced this pull request May 21, 2024
daniloegea pushed a commit to canonical/netplan that referenced this pull request Jul 3, 2024
@verterok

Hi,
This is affecting me and my team too.
Any chance to get this landed?

Thanks!

func (p *lxdProvider) tuneSSH(name string) error {
cmds := [][]string{
{"sed", "-i", `s/^\s*#\?\s*\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/`, "/etc/ssh/sshd_config"},
{"/bin/bash", "-c", `sed -i 's/^\s*\(PermitRootLogin\|PasswordAuthentication\)\>.*/# COMMENTED OUT BY SPREAD: \0/' /etc/ssh/sshd_config.d/* || true`},
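
Review bot: the `|| true` on the sshd_config.d line hides every sed failure, not only the missing-directory or no-match case on Ubuntu 20.04 and older that the description gives as its reason. If sed fails on a drop-in that does exist, `PasswordAuthentication no` stays in effect and the only symptom is a later SSH handshake failure with no hint of the cause. Consider testing that the directory has matching files first and letting a real sed error propagate. The glob `/etc/ssh/sshd_config.d/*` also rewrites every file in that directory; narrowing it to `*.conf`, the suffix of the 60-cloudimg-settings.conf file named in the description, would keep the edit to the drop-in configuration files.
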
Collaborator review comment on the lines above:

The SSH daemon uses the first value it finds for a given configuration entry if it appears multiple times, so just adding the 00 line below should be enough?
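
The first-value-wins behaviour described in the comment above, as an added example that is not part of this pull request or of spread's code: a small lookup that reads a config file top to bottom, expands `Include` globs in place, and reports which value takes effect. The function names, the temp-dir sample tree, the position of the `Include` line and the `00-example.conf` file used to exercise it are assumptions; `Match` blocks, relative `Include` paths and multiple globs per `Include` are not modelled.

```shell
#!/bin/sh
# Added example (not spread's code): first-match-wins lookup of one
# sshd_config keyword. Simplified model: one glob per Include, absolute
# Include paths, no Match blocks.

# effective_value KEYWORD FILE [ROOT]
# Reads FILE top to bottom, expands Include globs where they appear
# (ROOT is prefixed so a sample tree can live in a temp dir), and prints
# the first value found. Returns 1 if the keyword is never set.
effective_value() {
    ev_keyword=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    ev_file=$2
    ev_root=${3:-}
    while IFS= read -r ev_line || [ -n "$ev_line" ]; do
        ev_line=${ev_line%%#*}                 # drop comments
        set -f; set -- $ev_line; set +f        # split without globbing
        [ $# -gt 0 ] || continue
        ev_key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        shift
        ev_value=$*
        if [ "$ev_key" = include ]; then
            # Glob results are sorted, so 00-* is read before 60-*.
            for ev_inc in "$ev_root"$ev_value; do
                [ -f "$ev_inc" ] || continue
                if ev_found=$(effective_value "$ev_keyword" "$ev_inc" "$ev_root"); then
                    printf '%s\n' "$ev_found"
                    return 0
                fi
            done
        elif [ "$ev_key" = "$ev_keyword" ]; then
            printf '%s\n' "$ev_value"
            return 0
        fi
    done <"$ev_file"
    return 1
}

# Constructed sample tree: Include placed before the main file's own
# setting (an assumption), plus the drop-in named in the PR description.
make_sample_tree() {
    st_root=$(mktemp -d)
    mkdir -p "$st_root/etc/ssh/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        'PasswordAuthentication yes' >"$st_root/etc/ssh/sshd_config"
    printf '%s\n' 'PasswordAuthentication no' \
        >"$st_root/etc/ssh/sshd_config.d/60-cloudimg-settings.conf"
    printf '%s\n' "$st_root"
}
```

On a real host, `sshd -T` prints the effective configuration after all includes are applied and is the authoritative check.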

@cmatsuoka

Superseded by #184

cmatsuoka closed this Dec 11, 2024