Bug 1512505 - [WALA][RHEL-6] Set "Provisioning.SshHostKeyPairType=auto" causes provisioning fail in RHEL-6
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: WALinuxAgent
Version: 6.10
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Vitaly Kuznetsov
QA Contact: Virtualization Bugs
Reported: 2017-11-13 11:59 UTC by yuxisun@redhat.com
Modified: 2019-01-09 06:03 UTC

Links:
Github Azure WALinuxAgent issues 941 (last updated 2017-11-13 11:59:26 UTC)

Description yuxisun@redhat.com 2017-11-13 11:59:26 UTC
Description of problem:
In RHEL-6, if Provisioning.SshHostKeyPairType=auto is set, provisioning fails because the 'ssh-keygen -A' command is not supported.

Version-Release number of selected component (if applicable):
WALinuxAgent-2.2.18-1.el6

RHEL Version:
RHEL-6.9/6.8/6.7
How reproducible: 
100%

Steps to Reproduce: 
1. Prepare a RHEL6.9 VM in Azure. Set "Provisioning.SshHostKeyPairType=auto" in /etc/waagent.conf. Then run "waagent -deprovision+user -force", make an image and create a new VM based on it.
2. Try to log in through ssh.

Actual results: 
Cannot log in. After "reset remote access", can log in. There are error logs in /var/log/waagent.log:
2017/11/13 03:24:57.717203 ERROR Command: 'ssh-keygen -A'
2017/11/13 03:24:57.737975 ERROR Return code: 1
2017/11/13 03:24:57.751176 ERROR Result: ssh-keygen: illegal option -- A
usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -D pkcs11   Download public key from pkcs11 token.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -h          Generate host certificate instead of a user certificate.
  -I key_id   Key identifier to include in certificate.
  -i          Convert RFC 4716 to OpenSSH key file.
  -L          Print the contents of a certificate.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -N phrase   Provide new passphrase.
  -O option   Specify a certificate option.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -s ca_key   Certify keys with CA key.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -V from:to  Specify certificate validity interval.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.
  -Z name,... User/host principal names to include in certificate
  -z serial   Specify a serial number.

2017/11/13 03:24:58.215978 ERROR Command: 'ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub'
2017/11/13 03:24:58.239057 ERROR Return code: 1
2017/11/13 03:24:58.255399 ERROR Result: /etc/ssh/ssh_host_rsa_key.pub: No such file or directory

2017/11/13 03:25:00.514745 ERROR Event: name=WALinuxAgent, op=Provision, message=[000004] Failed to generate ssh host key: ret=1, out= /etc/ssh/ssh_host_rsa_key.pub: No such file or directory
, duration=0
2017/11/13 03:25:00.566516 ERROR Provisioning failed: [000004] Failed to generate ssh host key: ret=1, out= /etc/ssh/ssh_host_rsa_key.pub: No such file or directory


Expected results:
Suggest adding notice messages to /etc/waagent.conf. (Currently the introduction of this parameter is "# Supported values are "rsa", "dsa", "ecdsa", "ed25519", and "auto".")
Or check the openssh version before running the "ssh-keygen -A" command.

Additional info:
If "Provisioning.SshHostKeyPairType=auto" is set, WALA runs the "ssh-keygen -A" command during provisioning, which has been supported since OpenSSH 5.9.
In RHEL-6.9, the openssh version is openssh-5.3p1-123.

Comment 2 yuxisun@redhat.com 2019-01-09 06:03:33 UTC
This issue has been fixed in upstream v2.2.21 by adding the comment "# The "auto" option is supported on OpenSSH 5.9 (2011) and later." in waagent.conf. But the latest WALA.el6 package we shipped is 2.2.18.
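
The second suggestion in the description (check the OpenSSH version before running "ssh-keygen -A") could look like the sketch below. It is an added example, not WALinuxAgent code and not part of the original report; the function names, the rsa fallback and the sample banners are assumptions.

```python
import re
import subprocess

# Per the report, 'ssh-keygen -A' is supported since OpenSSH 5.9.
AUTO_MIN_VERSION = (5, 9)

def parse_openssh_version(banner):
    """Return (major, minor) from 'ssh -V' output, e.g. 'OpenSSH_5.3p1, ...'."""
    match = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError("unrecognised 'ssh -V' output: %r" % banner)
    # Compare as integers: as strings, "10.0" would sort below "5.9".
    return int(match.group(1)), int(match.group(2))

def host_key_commands(key_type, banner, fallback_types=("rsa",), key_dir="/etc/ssh"):
    """Return the ssh-keygen argv lists to run for the configured key type.

    fallback_types is an assumption of this sketch: the types generated
    when 'auto' is configured but the installed OpenSSH lacks -A.
    """
    if key_type == "auto":
        if parse_openssh_version(banner) >= AUTO_MIN_VERSION:
            return [["ssh-keygen", "-A"]]
        types = tuple(fallback_types)
    else:
        types = (key_type,)
    # -N "" (empty passphrase), -t and -f all appear in the usage text above.
    return [["ssh-keygen", "-N", "", "-t", t, "-f", "%s/ssh_host_%s_key" % (key_dir, t)]
            for t in types]

def local_banner():
    """Read the installed version; 'ssh -V' prints it on stderr."""
    proc = subprocess.run(["ssh", "-V"], stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, universal_newlines=True)
    return proc.stdout

if __name__ == "__main__":
    # Constructed banners: an OpenSSH 5.3 host as in the report, and a newer one.
    for banner in ("OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013",
                   "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017"):
        print(banner.split(",")[0], "->", host_key_commands("auto", banner))
```

With this check, an image configured with "auto" on an OpenSSH 5.3 host still ends up with an RSA host key, so the /etc/ssh/ssh_host_rsa_key.pub fingerprint lookup seen in the log has a file to read.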

