  1. OpenShift Bugs
  2. OCPBUGS-18452

After upgrading to OCP 4.13 with modified sshd_config, ssh logins no longer working


    • Moderate
    • No
    • 1
    • Sprint 242 - OSIntegration, Sprint 243 - OSIntegration
    • 2
    • False

      Description of problem:

      When updating OCP 4.12.25 to OCP 4.13.6 with a modified sshd_config, ssh logins are no longer possible.
      With OCP 4.13 we introduced ssh-key-dir, which reads ssh user keys from /var/home/core/.ssh/authorized_keys.d and would require `Include /etc/ssh/ssh_config.d/*.conf` to be added to sshd_config. This works if sshd_config is not altered; however, if it is, it is not touched by the upgrade process and ssh login is no longer possible.
      

      Version-Release number of selected component (if applicable):

      OCP 4.13.6 updated from 4.12.25 with changed sshd_config
      

      How reproducible:

      Install OCP 4.12.25, change sshd_config (allow password login), set password for core user, upgrade to 4.13.6
      

      Steps to Reproduce:

      1. Install OCP 4.12.25 disconnected 
      
      2. set core user password
         $ ssh -t sno "echo core:<password> |sudo  /sbin/chpasswd"
      
      3. change sshd_config to allow password login and validate and restart sshd
         $ ssh -t sno "sudo /bin/sed 's/PasswordAuthentication no/PasswordAuthentication yes/' -i /etc/ssh/sshd_config"
         $ ssh -t sno sudo grep PasswordAuthentication /etc/ssh/sshd_config
         $ ssh -t sno sudo systemctl restart sshd
      
      4. validate login via password (from a node not having the key)
      
      5. upgrade to OCP 4.13.6
      
      6. try to login to system as user core via password or w/ key --> failing
      
      7. use oc node debug node/<nodename>, check sshd_config and find `Include /etc/ssh/ssh_config.d/*.conf` is missing
      

      Actual results:

      login via ssh no longer possible
      

      Expected results:

      ssh login possible 
      

      Additional info:

      none 
      

       

       

            kalexand@redhat.com Kathryn Alexander
            rhn-support-dmoessner Daniel Moessner
            Sergio Regidor de la Rosa Sergio Regidor de la Rosa
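
A pre-upgrade check for the condition described in this report, as an added example that is not part of the original issue or of OpenShift: it reports whether a locally modified sshd_config carries an active `Include` for a given pattern. The helper name `check_sshd_include` is hypothetical, the sample config is constructed, and the pattern is the string quoted in the report (confirm it against the stock sshd_config shipped with the target release). It goes slightly beyond the report by also flagging an `Include` that only sits inside a `Match` block, where it applies conditionally.

```shell
#!/bin/sh
# check_sshd_include FILE PATTERN  (hypothetical helper, not an OpenShift tool)
# Prints one of:
#   global       an active Include of PATTERN sits outside any Match block
#   conditional  PATTERN is only included inside a Match block
#   missing      no active Include of PATTERN
check_sshd_include() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { kw = tolower($1) }                    # sshd keywords are case-insensitive
        kw == "match" {                         # "Match all" applies unconditionally
            in_match = !(NF == 2 && tolower($2) == "all"); next
        }
        kw == "include" {
            for (i = 2; i <= NF; i++) {         # Include accepts several patterns
                arg = $i; gsub(/"/, "", arg)    # tolerate quoted arguments
                if (arg == want) { if (in_match) cond = 1; else glob = 1 }
            }
        }
        END { print (glob ? "global" : (cond ? "conditional" : "missing")) }
    ' "$1"
}

# Constructed sample: an sshd_config edited as in step 3, without the Include.
demo() {
    pattern='/etc/ssh/ssh_config.d/*.conf'      # value quoted in the report
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$sample"
    echo "before: $(check_sshd_include "$sample" "$pattern")"
    # Prepend the directive so it applies globally, then re-check.
    { printf 'Include %s\n' "$pattern"; cat "$sample"; } > "$sample.new"
    echo "after:  $(check_sshd_include "$sample.new" "$pattern")"
    rm -f "$sample" "$sample.new"
}
demo
```

Run it against a copy of each node's `/etc/ssh/sshd_config` before upgrading; any result other than `global` means the file needs the directive added by hand, followed by `sshd -t` to validate the configuration.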