Bug 1013974
Summary: | connection closes after entering user-name (includes a fix) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Oron Peled <oron> |
Component: | shellinabox | Assignee: | Simone Caronni <negativo17> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | negativo17 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | shellinabox-2.14-27.git88822c1.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-24 01:57:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Oron Peled
2013-10-01 07:51:27 UTC
Hello, sorry for being late, dealing with this now. I don't know very much about the ProxyCommand thing in FreeIPA installation; my next setup of it is scheduled for next year (with RHEL's IPA). I have a few questions. Could the change you suggest break things when connecting from a shellinabox shell to a FreeIPA? What does FreeIPA set in the ProxyCommand? Would it be better to package the ~shellinabox/.ssh/config file in the rpm thus avoiding patching the code for the ssh call? A user could see that there's some default setting for ssh by looking at the files the package provides. What do you think? Thanks, --Simone Reply to comment #1 * In /etc/ssh/ssh_config (client configuration): ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h This was changed by /usr/sbin/ipa-client-install (it's python script, you can easily verity this) * The question about trying to login into shellinabox and use FreeIPA authentication is good -- I have no idea and suspect that skipping ProxyCommand may cause it to fail. * If we finally decide to override ProxyCommand I think it's best to use the same mechanism as the other overrides -- I.e: either put everything in ~/.ssh/config or everything hard-coded in shellinabox (that's the current situation). Otherwise, looking at the config file would be misleading. Thanks for the info. > * The question about trying to login into shellinabox and > use FreeIPA authentication is good -- I have no idea > and suspect that skipping ProxyCommand may cause it to fail. Well, in this case it should be better to have the option in the config file; so the user could change and look at it as much as another configuration file. > * If we finally decide to override ProxyCommand I think it's best > to use the same mechanism as the other overrides -- > I.e: either put everything in ~/.ssh/config or everything > hard-coded in shellinabox (that's the current situation). > Otherwise, looking at the config file would be misleading. I can move options out of the code and put them all in the config file. Upstream project is pretty dead; so I think that whatever we choose it will eventually divert a lot from upstream. What's your preference? I would go for moving out options from the code and ship ~/.ssh/config as a config file in the rpm. shellinabox-2.14-27.git88822c1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/shellinabox-2.14-27.git88822c1.el6 shellinabox-2.14-27.git88822c1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/shellinabox-2.14-27.git88822c1.fc19 shellinabox-2.14-27.git88822c1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/shellinabox-2.14-27.git88822c1.el5 shellinabox-2.14-27.git88822c1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/shellinabox-2.14-27.git88822c1.fc20 Package shellinabox-2.14-27.git88822c1.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing shellinabox-2.14-27.git88822c1.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1610/shellinabox-2.14-27.git88822c1.el5 then log in and leave karma (feedback). shellinabox-2.14-27.git88822c1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. shellinabox-2.14-27.git88822c1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. shellinabox-2.14-27.git88822c1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. shellinabox-2.14-27.git88822c1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |