cannot log into trusty ubuntu-cloud based LXC containers

Bug #1317592 reported by Reed O'Brien
This bug affects 3 people
Affects: openssh (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

freenode #ubuntu-server pointed me to create the bug here. Not sure if it belongs here or elsewhere.

Create a container like so:
 $ sudo lxc-create -t ubuntu-cloud -n base -- -S ~/.ssh/id_rsa.pub -r trusty

Start it:
 $ sudo lxc-start -d -n base

Attach to the container:
 $ sudo lxc-attach -n base

Try to login (fails with too many authentication errors):
 $ ssh -i ~/.ssh/id_rsa ubuntu@`dig @10.0.3.1 base` -v

Look at logs (/var/log/auth.log) on attached container and see:
 - error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

Work around by manually creating key:
 $ sudo /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
 $ sudo service ssh restart

Login now works.

System info:
 $ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 14.04 LTS
  Release: 14.04
  Codename: trusty

OpenSSH version: OpenSSH_6.6p1 Ubuntu-2ubuntu1, OpenSSL 1.0.1f 6 Jan 2014

LXC version: 1.0.3
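
The check behind the workaround above, as an added example that is not part of the original report: shell functions that list every `HostKey` file named in an sshd_config that is missing or empty. The function names, the optional root-prefix argument (for pointing at an unpacked container rootfs) and the sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example: report HostKey files that sshd_config names but that do not exist.

# Print each HostKey path from the config file given as $1.
# Matches uncommented "HostKey <path>" lines (keyword is case-insensitive);
# the rarer "HostKey=<path>" spelling is not handled here.
configured_host_keys() {
    awk 'tolower($1) == "hostkey" && $2 != "" { print $2 }' "$1"
}

# Print the configured host keys that are absent or zero-length.
# $1 = sshd_config path, $2 = optional root prefix (e.g. a container rootfs).
missing_host_keys() {
    config=$1
    root=${2:-}
    configured_host_keys "$config" | while IFS= read -r key; do
        [ -s "${root}${key}" ] || printf '%s\n' "$key"
    done
}

# Constructed sample: a rootfs whose sshd_config names four host keys but
# only three exist on disk, mirroring the state described in the report.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/ssh"
    for t in rsa dsa ecdsa ed25519; do
        printf 'HostKey /etc/ssh/ssh_host_%s_key\n' "$t"
    done > "$root/etc/ssh/sshd_config"
    printf '#HostKey /etc/ssh/unused_key\n' >> "$root/etc/ssh/sshd_config"
    for t in rsa dsa ecdsa; do
        printf 'constructed placeholder, not a real key\n' \
            > "$root/etc/ssh/ssh_host_${t}_key"
    done
    missing_host_keys "$root/etc/ssh/sshd_config" "$root"
    rm -rf "$root"
}

demo
```

Inside the container, `missing_host_keys /etc/ssh/sshd_config` runs the same check against the live config; `ssh-keygen -A` creates any default host key types that do not exist.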

description: updated
Don Spaulding II (donspauldingii) wrote :

I can also confirm that this affects the Vagrant box located at: http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box

After first boot up running 'sudo sshd -t' generates the error:

    Could not load host key: /etc/ssh/ssh_host_ed25519_key

If `vagrant reload` is run before the key is generated by hand, then the VM will become unresponsive as the SSH daemon will not start. Generating the key manually prior to first reboot works around the issue.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Don Spaulding II (donspauldingii) wrote :

I think this bug occurs on non-containerized VMs.

Changed in openssh (Ubuntu):
status: New → Confirmed
affects: lxc → openssh (Ubuntu)
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

It's not clear to me if this would be an issue with openssh, lxc or cloud-init. But I was unable to reproduce your issue.

I had to make a couple of amendments to your instructions.

First, I presume your lxc-attach is run in a separate terminal to the ssh command (ie. you're trying to ssh from the host, and not the container)?

Second, `dig @10.0.3.1 base` didn't work for me. Instead, I used "lxc-info -n base" to look up the IP address of the container.

Apart from this, I was unable to reproduce the issue. I do see "error: Could not load host key: /etc/ssh/ssh_host_ed25519_key" but this does not appear to affect anything:

root@base:~# tail /var/log/auth.log
May 29 11:39:43 base sshd[664]: Server listening on 0.0.0.0 port 22.
May 29 11:39:43 base sshd[664]: Server listening on :: port 22.
May 29 11:39:43 base chpasswd[800]: pam_unix(chpasswd:chauthtok): password changed for ubuntu
May 29 11:39:59 base sshd[833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 29 11:40:01 base sshd[833]: Accepted publickey for ubuntu from 10.0.3.1 port 44665 ssh2: RSA 5f:b2:ac:34:3f:50:62:99:64:d1:d7:78:4e:4a:83:00
May 29 11:40:01 base sshd[833]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
May 29 11:40:01 base systemd-logind[572]: Failed to create cgroup name=systemd:/user/1000.user/30.session/user/1000.user: No such file or directory
May 29 11:40:01 base sshd[833]: pam_systemd(sshd:session): Failed to create session: No such file or directory
May 29 11:40:27 base sudo: ubuntu : TTY=pts/0 ; PWD=/etc/ssh ; USER=root ; COMMAND=/bin/bash
May 29 11:40:27 base sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)

root@base:/# dpkg-query -W openssh-server cloud-init
cloud-init 0.7.5-0ubuntu1
openssh-server 1:6.6p1-2ubuntu1
root@base:/# cat /etc/cloud/build.info
build_name: server
serial: 20140416.1
root@base:/#

It looks like my cloud image is current, but it does not include openssh-server 1:6.6p1-2ubuntu2.

Please could you try to reproduce again on a fresh instance, to verify that nothing has changed? Also, please report the cloud image build information as well as the package versions you have of openssh-server and cloud-init as above. Marking Incomplete in the meantime, since I cannot reproduce with the instructions given. Please change back to New when done. Thanks!

Changed in openssh (Ubuntu):
status: New → Incomplete
Robie Basak (racb) wrote :

Perhaps also include more of your auth.log, as that line appears to be a red herring?

Launchpad Janitor (janitor) wrote :

[Expired for openssh (Ubuntu) because there has been no activity for 60 days.]

Changed in openssh (Ubuntu):
status: Incomplete → Expired