Fuel for OpenStack

Need to disable GSSAPIAuthentication in /etc/ssh/sshd_config

Bug #1327988 reported by Timur Nurlygayanov on 2014-06-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	Low	Matthew Mosesohn	Fuel for OpenStack 5.1
	5.0.x	Won't Fix	Low	Matthew Mosesohn	Fuel for OpenStack 5.0.2

Bug Description

Steps to Reproduce:
1. Install Fuel master node
2. Login to this nove via ssh

Observed Result:
User should want several secconds before the password promt (this is known issue of CentOS default configuration)

Expected Result:
User want to enter password without timeout with several secconds.

How we can fix it:
by default we can see in the /etc/ssh/sshd_config file:
# GSSAPIAuthentication no
but this is settings actually is enabled (iit is strange, but it is true)
to fix this problem we should remove '#' in this line, save the file and restart sshd:
root# cat /etc/ssh/sshd_config
...
GSSAPIAuthentication no
...

root# service sshd restart

Matthew Mosesohn (raytrac3r) on 2014-07-14

Changed in fuel:
assignee:	nobody → Matthew Mosesohn (raytrac3r)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-15: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/107049

Changed in fuel:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-16: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/107049
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=7dd412c26db1bae0bb465a2dbe13ecb449eca71b
Submitter: Jenkins
Branch: master

commit 7dd412c26db1bae0bb465a2dbe13ecb449eca71b
Author: Matthew Mosesohn <email address hidden>
Date: Tue Jul 15 17:27:37 2014 +0400

Disable sshd GSSAPI auth

    GSSAPI is not currently implemented in Fuel, so
    it only slows incoming SSH connections. Disabling
    it will enhance user experience.

Change-Id: I935e7c383e24663296c938e32b12682086d6797b
Closes-Bug: #1327988

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-14: Fix proposed to fuel-library (stable/5.0)

Fix proposed to branch: stable/5.0
Review: https://review.openstack.org/114267

Revision history for this message

Anastasia Palkina (apalkina) wrote on 2014-08-18:

Verified on ISO #448
"build_id": "2014-08-18_02-01-17",
"ostf_sha": "d2a894d228c1f3c22595a77f04b1e00d09d8e463",
"build_number": "448",
"auth_required": true,
"api": "1.0",
"nailgun_sha": "bc9e377dbe010732bc2ba47161ed9d433998e07b",
"production": "docker",
"fuelmain_sha": "08f04775dcfadd8f5b438a31c63e81f29276b7d3",
"astute_sha": "8e1db3926b2320b30b23d7a772122521b0d96166",
"feature_groups": ["mirantis", "experimental"],
"release": "5.1",
"fuellib_sha": "2c9ad4aec9f3b6fc060cb5a394733607f07063c1"

# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

Changed in fuel:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-21:

Fix proposed to branch: stable/5.0
Review: https://review.openstack.org/116044

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-21: Change abandoned on fuel-library (stable/5.0)

Change abandoned by Sergii Golovatiuk (<email address hidden>) on branch: stable/5.0
Review: https://review.openstack.org/114267

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-26: Fix merged to fuel-library (stable/5.0)

Reviewed: https://review.openstack.org/116044
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=339898c690ce29d721403ce28738115aeca29739
Submitter: Jenkins
Branch: stable/5.0

commit 339898c690ce29d721403ce28738115aeca29739
Author: Matthew Mosesohn <email address hidden>
Date: Tue Jul 15 17:27:37 2014 +0400

Disable sshd GSSAPI auth

    GSSAPI is not currently implemented in Fuel, so
    it only slows incoming SSH connections. Disabling
    it will enhance user experience.

Change-Id: I935e7c383e24663296c938e32b12682086d6797b
Closes-Bug: #1327988

Revision history for this message

Andrew Woodward (xarses) wrote on 2014-08-26:

We won't be fixing low or medium bugs for 5.0.x any longer. If this needs to be addressed we need to increase priority

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.