0.7.5: parse_ssh_config failing in ssh_util.py

Bug #1391303 reported by Mark Horstman on 2014-11-10
4
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init
Undecided
Dan Watkins

Bug Description

I've been successfully using cloud-init 0.7.4 in a centos 6.5 image I created under an icehouse environment we're running. When I recently created a new centos 6.5 image and yum installed cloud-init (from http://download.fedoraproject.org/pub/epel/6/x86_64) , I got 0.7.5 (cloud-init.x86_64 0:0.7.5-10.el6.centos.2). 0.7.5 is failing in places 0.7.4 wasn't like setting up the ssh keys for the user. I turned on DEBUG for cloud-init console logging in /etc/cloud/cloud.cfg.d/05_logging.cfg:

   [handler_consoleHandler]
   class=StreamHandler
   level=DEBUG
   formatter=arg0Formatter
   args=(sys.stderr,)

and here's /var/log/cloud-init-output.log http://pastebin.ubuntu.com/8869713/

Attached is a zip file containing copies of my /etc/ssh/sshd_config temporary keys I used that were generated via the OpenStack gui.

Related branches

Mark Horstman (mah042) wrote :
Mark Horstman (mah042) wrote :

It seems to have something to do with the last line I added to /etc/ssh/sshd_config:
PermitRootLogin=no

If I remove that line, parse_ssh_config() in ssh_util.py no longer fails

I've experienced issues with 2.7.4 and a similar append of lines to sshd_config. cloud-init appears to eat a terminal newline, leaving the file without one, which alone can cause problems that are only made worse by future edits like:

echo "PermitRootLogin without-password" >>/etc/ssh/sshd_config

in that this can result in the last line of the file looking like:

ServerAliveInterval 300PermitRootLogin without-password

which prevents sshd from starting at next reboot. I've taken to echoing several blank lines onto the end of the file to avoid this.

--aad

> It seems to have something to do with the last line I added to /etc/ssh/sshd_config:
> PermitRootLogin=no
>
> If I remove that line, parse_ssh_config() in ssh_util.py no longer fails
>
> --
> You received this bug notification because you are subscribed to cloud-
> init.
> Matching subscriptions: cloud-init
> https://bugs.launchpad.net/bugs/1391303
>
> Title:
> 0.7.5: parse_ssh_config failing in ssh_util.py
>
> Status in Init scripts for use on cloud images:
> New
>
> Bug description:
> I've been successfully using cloud-init 0.7.4 in a centos 6.5 image I
> created under an icehouse environment we're running. When I recently
> created a new centos 6.5 image and yum installed cloud-init (from
> http://download.fedoraproject.org/pub/epel/6/x86_64) , I got 0.7.5
> (cloud-init.x86_64 0:0.7.5-10.el6.centos.2). 0.7.5 is failing in
> places 0.7.4 wasn't like setting up the ssh keys for the user. I
> turned on DEBUG for cloud-init console logging in
> /etc/cloud/cloud.cfg.d/05_logging.cfg:
>
> [handler_consoleHandler]
> class=StreamHandler
> level=DEBUG
> formatter=arg0Formatter
> args=(sys.stderr,)
>
> and here's /var/log/cloud-init-output.log
> http://pastebin.ubuntu.com/8869713/
>
> Attached is a zip file containing copies of my /etc/ssh/sshd_config
> temporary keys I used that were generated via the OpenStack gui.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/cloud-init/+bug/1391303/+subscriptions

Mark Horstman (mah042) wrote :

It would seem cloud-init doesn't like the "=" in "PermitRootLogin=no" in /etc/ssh/sshd_config. Also, something, I assume cloud-init, is removing the last <LF> from /etc/ssh/sshd_config.

If I change the /etc/ssh/sshd_config line I added from:
PermitRootLogin=no
to:
PermitRootLogin no

it no longer fails. Sshd does not complain about the "=".

It would seem cloud-init can't deal with "=" as var/val assignments in /etc/ssh/sshd_config and it's erroneously removing the last <LF> from the file (/etc/ssh/sshd_config).

This is strictly a guess based upon the behavior observed through trial and error, I have not examined the source code.

Dan Watkins (daniel-thewatkins) wrote :

I'm looking at fixing the '=' problem now.

Changed in cloud-init:
assignee: nobody → Daniel Watkins (daniel-thewatkins)
status: New → In Progress
Dan Watkins (daniel-thewatkins) wrote :

The attached branch should fix the '=' problem.

Joshua Harlow (harlowja) on 2014-11-22
Changed in cloud-init:
status: In Progress → Fix Committed
tags: added: cloud-init-0.7.7
Scott Moser (smoser) wrote :

This is fixed in cloud-init 0.7.7.

Changed in cloud-init:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments