/etc/ssh/sshd_config changed before new keys imported

Bug #1959992 reported by Connor Chamberlain
Affects: userdir-ldap-charms
Status: Won't Fix
Importance: High
Assigned to: Unassigned

Bug Description

I had a failed deployment of userdir-ldap result in loss of connection to an entire cloud. This seemed to be caused by userdir-ldap modifying /etc/ssh/sshd_config to ignore ~/.ssh/authorized_keys in favor of /etc/ssh/user-authorized-keys/%u and /var/lib/misc/userkeys/%u. This is fine, except the installation failed due to an issue with my FQDN, resulting in an inability to ssh to the cloud because nothing existed in /etc/ssh/user-authorized-keys/ or /var/lib/misc/userkeys/.

This charm should probably import the ldap keys and have them available before modifying /etc/ssh/sshd_config to prevent this edge case.

Paul Goins (vultaire) wrote :

This occurred on another cloud.

The "local" userdir-ldap procedure was run on the first infra, so access still worked there since keys were installed to the expected locations. However, the /etc/ssh/sshd_config changes on the other 2 infras broke access since keys weren't in either the /etc/ssh/user-authorized-keys/ or /var/lib/misc/userkeys/ locations.

Andrea Ieri (aieri)
Changed in charm-userdir-ldap:
status: New → Triaged
importance: Undecided → High
information type: Proprietary → Public
Eric Chen (eric-chen) wrote :
Changed in charm-userdir-ldap:
status: Triaged → Won't Fix
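
The ordering requested in the bug description, as an added example (not code from the charm or from anyone in this thread): sshd_config is switched to the two key locations named in the report only after every user who must keep access has a non-empty key file in one of them. The function names, the `root` parameter and the sample key are assumptions made for illustration; only the `%u` token and absolute paths are handled.

```python
import os
import tempfile

# The two locations named in the report; %u is sshd's username token.
PATTERNS = ["/etc/ssh/user-authorized-keys/%u", "/var/lib/misc/userkeys/%u"]
# Assumption: key lines start with the key type (no leading options field).
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-sha2-")

def has_usable_key(path):
    """True if path is a readable file holding at least one public-key line."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return any(line.strip().startswith(KEY_TYPES) for line in fh)
    except OSError:
        return False

def users_locked_out(patterns, users, root="/"):
    """Users who would have no key under any of the new AuthorizedKeysFile paths."""
    def paths(user):
        return [os.path.join(root, p.replace("%u", user).lstrip("/")) for p in patterns]
    return [u for u in users if not any(has_usable_key(p) for p in paths(u))]

def apply_if_safe(sshd_config, patterns, users, root="/"):
    """Switch AuthorizedKeysFile only if every required user keeps access."""
    locked = users_locked_out(patterns, users, root)
    if locked:
        return locked  # refuse and leave sshd_config untouched
    with open(sshd_config, encoding="utf-8") as fh:
        body = fh.read()
    # sshd uses the first value it reads for a keyword, so prepend the directive.
    tmp = sshd_config + ".new"
    with open(tmp, "w", encoding="utf-8") as fh:
        fh.write("AuthorizedKeysFile " + " ".join(patterns) + "\n" + body)
    os.replace(tmp, sshd_config)  # atomic swap; run `sshd -t` before reloading
    return []

def demo():
    """Constructed fixture: alice's key has been imported, bob's has not."""
    root = tempfile.mkdtemp()
    keydir = os.path.join(root, "etc/ssh/user-authorized-keys")
    os.makedirs(keydir)
    with open(os.path.join(keydir, "alice"), "w") as fh:
        fh.write("ssh-ed25519 AAAAconstructedExampleKey alice@example\n")
    cfg = os.path.join(root, "sshd_config")
    with open(cfg, "w") as fh:
        fh.write("PasswordAuthentication no\n")
    refused = apply_if_safe(cfg, PATTERNS, ["alice", "bob"], root)
    applied = apply_if_safe(cfg, PATTERNS, ["alice"], root)
    return refused, applied, cfg
```

A returned non-empty list is the signal to stop: the configuration is unchanged and the existing ~/.ssh/authorized_keys access still works while the key import is fixed.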