Bug 1365727 - [WALA] sshd error because waagent deletes all ssh_host_* keys and only creates the specified key pair during provisioning
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: WALinuxAgent
Version: 7.3
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: yuxisun@redhat.com
QA Contact: Virtualization Bugs
Reported: 2016-08-10 05:14 UTC by yuxisun@redhat.com
Modified: 2019-02-26 20:57 UTC (History)

Last Closed: 2016-11-04 08:30:38 UTC




Links
System ID Priority Status Summary Last Updated
Github Azure WALinuxAgent issues 353 None None None 2016-08-10 05:14:41 UTC

Description yuxisun@redhat.com 2016-08-10 05:14:41 UTC
Description of problem:
If Provisioning.RegenerateSshHostKeyPair=y, waagent deletes all the ssh_host_* keys and only generates the key pair of the specified type, which makes sshd record error logs in /var/log/messages.

Version-Release number of selected component (if applicable):
WALinuxAgent-2.1.5 (upstream, package by tester)

RHEL Version:
RHEL-7.3-20160729.1

How reproducible:
100%

Steps to Reproduce:
1. Provision a RHEL7.3 VM on Azure with the following parameters in the /etc/waagent.conf:
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.SshHostKeyPairType=rsa
2. Check /var/log/messages

Actual results:
/var/log/messages:
Aug  9 17:31:42 localhost sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Aug  9 17:31:42 localhost sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

Expected results:
No error logs in the messages

Additional info:
The root cause is that waagent deletes all the ssh_host_* keys during provisioning and deprovisioning if Provisioning.RegenerateSshHostKeyPair=y is set.
Suggest that waagent only deletes the key pairs of the specified type. (For example, if Provisioning.SshHostKeyPairType=rsa, only delete ssh_host_rsa_key*)
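
The behaviour reported above next to the suggested type-scoped deletion, as an added Python example (not part of the original report and not WALinuxAgent's code). All function names are hypothetical, placeholder files stand in for ssh-keygen output, and the three key types are the ones shown in the /etc/ssh listing in Comment 2.

```python
import glob
import os
import tempfile

# Key types taken from the /etc/ssh listing in Comment 2.
DEFAULT_TYPES = ("rsa", "ecdsa", "ed25519")


def keys_to_delete(ssh_dir, keytype=None):
    """Files a regeneration step would remove.

    keytype=None models the reported behaviour (every ssh_host_* file);
    keytype="rsa" models the suggested fix (only ssh_host_rsa_key*).
    """
    pattern = "ssh_host_*" if keytype is None else "ssh_host_%s_key*" % keytype
    return sorted(glob.glob(os.path.join(ssh_dir, pattern)))


def regenerate(ssh_dir, keytype, scoped):
    """Delete the selected keys, then recreate only the configured type."""
    for path in keys_to_delete(ssh_dir, keytype if scoped else None):
        os.remove(path)
    for suffix in ("", ".pub"):
        name = "ssh_host_%s_key%s" % (keytype, suffix)
        # Assumption: a placeholder file stands in for ssh-keygen output.
        with open(os.path.join(ssh_dir, name), "w") as fh:
            fh.write("constructed placeholder\n")


def missing_private_keys(ssh_dir, types=DEFAULT_TYPES):
    """Private host keys sshd would report as 'Could not load host key'."""
    names = ["ssh_host_%s_key" % t for t in types]
    return [n for n in names if not os.path.exists(os.path.join(ssh_dir, n))]


def demo(scoped, keytype="rsa"):
    """Build a constructed /etc/ssh stand-in, regenerate, report gaps."""
    with tempfile.TemporaryDirectory() as ssh_dir:
        for t in DEFAULT_TYPES:
            for suffix in ("", ".pub"):
                open(os.path.join(ssh_dir, "ssh_host_%s_key%s" % (t, suffix)), "w").close()
        regenerate(ssh_dir, keytype, scoped)
        return missing_private_keys(ssh_dir)


if __name__ == "__main__":
    print("delete all ssh_host_*:", demo(scoped=False))
    print("delete only configured type:", demo(scoped=True))
```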

Comment 2 Bin Han 2016-09-02 03:29:32 UTC
Verify the bug

Version:
WALinuxAgent-2.1.6
RHEL Version: RHEL-7.3-20160825.1
Python Version: 2.7.5

Steps to verify:
1. Provision a RHEL7.3 VM on Azure with the following parameters in the /etc/waagent.conf:
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.SshHostKeyPairType=rsa
2. Check /var/log/messages

Result:
No error logs in the messages. There are ssh_host_ecdsa_keys in /etc/ssh.
[root@hbvm0902d ~]# ls -l /etc/ssh/
total 276
-rw-r--r--. 1 root root     242153 Jul 29 04:04 moduli
-rw-r--r--. 1 root root       2208 Jul 29 04:04 ssh_config
-rw-------. 1 root root       4406 Sep  1 23:01 sshd_config
-rw-r-----. 1 root ssh_keys    227 Sep  1 23:01 ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 Sep  1 23:01 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys    387 Sep  1 23:01 ssh_host_ed25519_key
-rw-r--r--. 1 root root         82 Sep  1 23:01 ssh_host_ed25519_key.pub
-rw-------. 1 root root       1675 Sep  1 23:01 ssh_host_rsa_key
-rw-r--r--. 1 root root        396 Sep  1 23:01 ssh_host_rsa_key.pub

Comment 3 yuxisun@redhat.com 2016-11-04 08:30:38 UTC

*** This bug has been marked as a duplicate of bug 1387783 ***

