OpenSSH filling up auth.log due to missing ed25519 host key file

Bug #1484693 reported by Rene Soto
Affects             Status        Importance  Assigned to    Milestone
Fuel for OpenStack  Fix Released  High        Alex Schultz
6.1.x               Fix Released  High        Alexey Khivin
7.0.x               Fix Released  High        Alex Schultz

Bug Description

In a 6.1 Fuel environment based on Ubuntu, it appears that OpenSSH logs the following message every time an SSH connection is attempted on a controller:
Could not load host key: /etc/ssh/ssh_host_ed25519_key

While SSH connections are successful, this message is silently logged to /var/log/auth.log due to the ed25519 host key file missing in /etc/ssh. In larger environments, it has even generated 100,000+ messages in a one-hour timeframe.

This issue is resolved by running "ssh-keygen -A", which generates the host keys that do not exist; however, this is something that has to be done manually at this time.

Alex Schultz (alex-schultz) wrote :

Confirmed this error message happens when you ssh to an Ubuntu machine.

<35>Aug 13 21:37:52 node-1 sshd[10269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

So if there is a constant stream of ssh port checks (i.e. from monitoring), this may fill logs.

Changed in fuel:
status: New → Confirmed
importance: Undecided → High
tags: added: customer-found
Changed in fuel:
assignee: nobody → Fuel Library Team (fuel-library)
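
One way to confirm which host key files are behind the log volume before running "ssh-keygen -A", as an added example that is not part of the original report or the fuel-library fix. The sample log lines are constructed (their format follows the line quoted in the comment above), and the function names and the ROOT prefix argument are assumptions.

```shell
#!/bin/sh
# Added example: tally sshd "Could not load host key" errors per key path
# and report whether each referenced key file actually exists.

# Constructed sample lines, in the format quoted in the bug comments.
sample_auth_log() {
cat <<'EOF'
<35>Aug 13 21:37:52 node-1 sshd[10269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
<38>Aug 13 21:37:52 node-1 sshd[10269]: Connection closed by 10.0.0.5 [preauth]
<35>Aug 13 21:37:53 node-1 sshd[10271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
<35>Aug 13 21:37:53 node-1 sshd[10271]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
<35>Aug 13 21:37:54 node-1 sshd[10275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
EOF
}

# host_key_errors: read auth.log lines on stdin, print "COUNT PATH" per key file.
host_key_errors() {
    sed -n 's/^.*sshd\[[0-9]*\]: error: Could not load host key: \(.*\)$/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# report_missing_keys ROOT: as above, plus "present" or "missing" for ROOT/PATH.
# ROOT is a hypothetical prefix so the check can run against a copy of /etc/ssh;
# pass "" to check the live filesystem.
report_missing_keys() {
    root=$1
    host_key_errors | while read -r count path; do
        if [ -f "${root}${path}" ]; then state=present; else state=missing; fi
        printf '%s %s %s\n' "$count" "$path" "$state"
    done
}

# Demo on the constructed sample. On a node, feed the real log instead:
#   report_missing_keys "" < /var/log/auth.log
sample_auth_log | report_missing_keys ""
```

A path reported as missing with a high count is the case described in this bug, where the report's remedy is to generate the absent host keys with "ssh-keygen -A".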
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/212809

Changed in fuel:
assignee: Fuel Library Team (fuel-library) → Alex Schultz (alex-schultz)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/212809
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=5deba2244432de11267965017a2b90a079dbad82
Submitter: Jenkins
Branch: master

commit 5deba2244432de11267965017a2b90a079dbad82
Author: Alex Schultz <email address hidden>
Date: Thu Aug 13 16:55:55 2015 -0500

    Ensure all ssh host keys are generated

    In order to prevent address logging issues when some host ssh keys are
    missing, we need to run a ssh-keygen -A as part of our ssh server setup
    on Ubuntu.

    Change-Id: I7e91798b638b9726cccaf395e8219ecb31d69e82
    Closes-Bug: 1484693

Changed in fuel:
status: In Progress → Fix Committed
Bartłomiej Piotrowski (bpiotrowski) wrote :

Verified on 7.0-259.

root@node-1:~# ls -1 /etc/ssh/*_key{,.pub}
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub

OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/6.1)

Fix proposed to branch: stable/6.1
Review: https://review.openstack.org/223073

Roman Rufanov (rrufanov)
tags: added: support
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/6.1)

Reviewed: https://review.openstack.org/223073
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=74691feb0870f20c695630c4f90be546b46cba3a
Submitter: Jenkins
Branch: stable/6.1

commit 74691feb0870f20c695630c4f90be546b46cba3a
Author: Alex Schultz <email address hidden>
Date: Thu Aug 13 16:55:55 2015 -0500

    Ensure all ssh host keys are generated

    In order to prevent address logging issues when some host ssh keys are
    missing, we need to run a ssh-keygen -A as part of our ssh server setup
    on Ubuntu.

    Change-Id: I7e91798b638b9726cccaf395e8219ecb31d69e82
    Closes-Bug: 1484693
    (cherry picked from commit 5deba2244432de11267965017a2b90a079dbad82)

Vitaly Sedelnik (vsedelnik) wrote :

Reassigned to Alexey Khivin to create release notes entry for MOS 6.1 MU 3
