Bug 1279521

Summary: sshd.service requires /etc/sysconfig/sshd to be present to start
Product: [Fedora] Fedora
Reporter: Zbigniew Jędrzejewski-Szmek <zbyszek>
Component: openssh
Assignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: jjelen, mattias.ellert, mgrepl, plautrba, tmraz
Fixed In Version: openssh-7.1p1-6.fc23
Doc Type: Bug Fix
Last Closed: 2015-12-22 22:00:13 UTC
Type: Bug

Description Zbigniew Jędrzejewski-Szmek 2015-11-09 16:01:07 UTC
Description of problem:
sshd.service contains EnvironmentFile=/etc/sysconfig/sshd, which means that the service cannot start unless /etc/sysconfig/sshd is present. sshd should work fine without that file, since it appears to only contain the defaults. Requiring the file makes it harder to boot with an empty /etc.

Changing
- EnvironmentFile=/etc/sysconfig/sshd
+ EnvironmentFile=-/etc/sysconfig/sshd
should be enough.
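
Review bot: on the `+` line, the `-` prefix makes systemd skip a missing /etc/sysconfig/sshd without logging an error or warning, so confirm that every variable the unit takes from this file is optional and that sshd starts with all of them unset; the rest of the unit is not shown here. A short comment in the unit or the package changelog saying the file is now optional would also help administrators who expect a missing file to stop the service.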

Version-Release number of selected component (if applicable):
openssh-server-7.1p1-4.fc24.x86_64
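
The difference between the two forms of the line in the description can be checked mechanically. The following is an added example, not part of the bug report or the openssh package; the function name `check_env_files`, the status words and the sample unit fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): classify the EnvironmentFile=
# entries of a systemd unit. Prints "<status> <path>" per entry and returns 1
# when a mandatory file (no "-" prefix) is missing under ROOT.
# Simplifications: glob patterns are not expanded, and an empty
# "EnvironmentFile=" (which resets the list in systemd) is just skipped.
check_env_files() {
    unit=$1 root=${2:-} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            EnvironmentFile=?*) value=${line#EnvironmentFile=} ;;
            *) continue ;;
        esac
        case $value in
            -*) optional=1; path=${value#-} ;;
            *)  optional=0; path=$value ;;
        esac
        if [ -e "$root$path" ]; then
            echo "present $path"
        elif [ "$optional" -eq 1 ]; then
            echo "optional-missing $path"
        else
            echo "required-missing $path"
            rc=1
        fi
    done < "$unit"
    return "$rc"
}

# Constructed sample: the two forms of the line from this report, checked
# against an empty root directory standing in for an empty /etc.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/root"
    printf '[Service]\nEnvironmentFile=/etc/sysconfig/sshd\n' > "$tmp/before.service"
    printf '[Service]\nEnvironmentFile=-/etc/sysconfig/sshd\n' > "$tmp/after.service"
    for u in before after; do
        echo "== $u"
        check_env_files "$tmp/$u.service" "$tmp/root" || echo "unit would fail to start"
    done
    rm -rf "$tmp"
}
demo
```

Pointing the second argument at a staged image root lets the same check run before first boot; leave it empty to check the live system.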

Comment 1 Jakub Jelen 2015-11-09 16:16:39 UTC
This seems reasonable. But ...

... you will move only a bit further to booting with empty /etc since sshd will fail to start without having at least sshd_config in /etc/ssh. You can expect that sshd-keygen will create the host keys, but without config it is no-go to start sshd.

Comment 2 Zbigniew Jędrzejewski-Szmek 2015-11-09 20:28:12 UTC
Yes... I know it is not a complete solution. But it's a step at least... A proper solution would be to not require sshd_config at all, and have the right defaults compiled in.

Comment 3 Jakub Jelen 2015-11-10 12:57:39 UTC
This step is ok. Anyway, openssh has defaults compiled in, but not all of them are currently the same as distro defaults.

Openssh is not able to start without reading the config. Reading failures are fatal.

Basically it works just fine with an empty file or /dev/null:

    /usr/sbin/sshd -Ddddf /dev/null

I applied the proposed patch and it will be in the next update.

Comment 4 Fedora Update System 2015-12-18 14:41:58 UTC
openssh-7.1p1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-8e6294b5c2

Comment 5 Fedora Update System 2015-12-19 20:00:42 UTC
openssh-7.1p1-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with

    $ su -c 'dnf --enablerepo=updates-testing update openssh'

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-8e6294b5c2

Comment 6 Fedora Update System 2015-12-22 22:00:06 UTC
openssh-7.1p1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.