tripleo

sshd complains about missing /etc/ssh/ssh_host_dsa_key

Bug #1730351 reported by Martin André on 2017-11-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Medium	Cédric Jeanneret deactivated	tripleo queens-2

Bug Description

We've seen this happening in CI, the /var/log/messages is littered with warning messages coming from sshd:

Nov 6 06:27:32 centos-7-vexxhost-ca-ymq-1-0000733323 sshd[6094]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Nov 6 06:27:32 centos-7-vexxhost-ca-ymq-1-0000733323 sshd[6094]: Accepted publickey for zuul from 127.0.0.1 port 58638 ssh2: RSA SHA256:3jcD6WvhmuYIGV3p+NQw8Pc9ala0Iin6wOXZpC/MMUc
Nov 6 06:27:32 centos-7-vexxhost-ca-ymq-1-0000733323 systemd-logind: New session 211 of user zuul.
Nov 6 06:27:32 centos-7-vexxhost-ca-ymq-1-0000733323 systemd: Started Session 211 of user zuul.
Nov 6 06:27:32 centos-7-vexxhost-ca-ymq-1-0000733323 systemd: Starting Session 211 of user zuul.

http://logs.openstack.org/64/510464/23/check/legacy-tripleo-ci-centos-7-scenario003-multinode-oooq/6519e2c/logs/undercloud/var/log/messages.txt.gz#_Nov__6_06_27_32

While not critical - zuul can connect to the node - it would be nice to set the "HostKey" option in sshd config to a more recent algo, and get rid of the warning.

Tags:

Martin André (mandre) on 2017-11-06

Changed in tripleo:
status:	New → Triaged
importance:	Undecided → Medium
milestone:	none → queens-2

Cédric Jeanneret deactivated (cjeanneret-c2c-deactivated) on 2017-11-06

Changed in tripleo:
assignee:	nobody → Cédric Jeanneret (cjeanneret-c2c)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-06: Fix proposed to puppet-tripleo (master)

Fix proposed to branch: master
Review: https://review.openstack.org/517903

Changed in tripleo:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-07: Fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/517903
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=1b4f5d0ec610743f32ac1de0c918cf39fd104575
Submitter: Zuul
Branch: master

commit 1b4f5d0ec610743f32ac1de0c918cf39fd104575
Author: Cédric Jeanneret <email address hidden>
Date: Mon Nov 6 10:47:36 2017 +0100

Ensure sshd has proper configuration for its HostKey.

    Since DSA is deprecated, sshd doesn't generate it anymore, though it
    still wants to load it at startup. Adding the HostKey options should
    prevent that, and allow to get cleaner logs in the CI (and on deployed
    openstack as well ;).

Change-Id: I5580fa86f8adef7d598b76836a0419b341a8bc9c
Closes-Bug: 1730351

Changed in tripleo:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-04: Fix included in openstack/puppet-tripleo 8.1.0

This issue was fixed in the openstack/puppet-tripleo 8.1.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.