Bug 2091630

Summary: controller sshd_conf causes scp to fail
Product: Red Hat OpenStack Reporter: Ella Shulman <eshulman>
Component: tripleo-ansible Assignee: OSP Team <rhos-maint>
Status: CLOSED DUPLICATE QA Contact: Joe H. Rahme <jhakimra>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 17.0 (Wallaby) CC: bshephar, ramishra, rdiazcam
Target Milestone: --- Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-31 10:05:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
scp -vvvv output none

Description Ella Shulman 2022-05-30 14:27:57 UTC
Created attachment 1885161
scp -vvvv output

Description of problem:
It seems like Ansible configures sshd_conf in a way that doesn't allow using the scp command (copying from the controller to the undercloud, for example). When adding additional parameters and restarting sshd, I was able to use scp.

Version-Release number of selected component (if applicable):
osp17

How reproducible:
Not sure if anyone else experienced it

Steps to Reproduce:
1. use scp to copy a file from one of the overcloud nodes

Actual results:
error

Expected results:
files copied from overcloud host to undercloud

Additional info:
When using ansible fetch, I was able to copy the files as well.
overcloud nodes sshd_config:
## Ansible managed

UseDns no

sshd_config that worked for me (taken from the undercloud):
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Subsystem sftp  /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UseDNS no
UsePAM yes
X11Forwarding yes

Comment 1 Brendan Shephard 2022-05-31 01:37:52 UTC
Hi Ella,

Are you overriding the SshServerOptions or something in your Heat templates?

I can't reproduce this with a default deployment, scp is working for me.

Comment 2 Ella Shulman 2022-05-31 06:27:06 UTC
Hi Brendan,

Yes, we override it as we did in older deployments, but we never had only this parameter appearing in the sshd_config (we are doing the same for osp 16.2, 16.1, 13 etc). I assume something changed in the way vars are being overridden. Is there a way to resume the old behavior? Should this change be documented?
IMHO it would be better to merge the vars provided by default and by the user to construct a working sshd_conf instead of having the user write all the parameters he would like to have in the file just to override one parameter.

Comment 6 Brendan Shephard 2022-05-31 10:03:45 UTC
Yeah, we need to use SshServerOptionsOverrides in OSP17:
https://github.com/openstack/tripleo-heat-templates/commit/bfd97da0bfa386642d47e8d317aad70c99594cd5

This has come up a few times in separate BZs. The issue is that once you override SshServerOptions, we have no way of comparing to the defaults. If we compare against the sshd_config file on the remote system, then we would never be able to remove things that have been added in previous runs. That wouldn't be ideal, so we have the Overrides option that will allow you to add and remove params from the file as required.

Comment 7 Brendan Shephard 2022-05-31 10:05:42 UTC

*** This bug has been marked as a duplicate of bug 2085102 ***
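
Added example, not part of the original report or of tripleo-ansible: a small Python check that lists which directives dropped out of a deployed sshd_config relative to a known-good baseline, using the two listings from the description (the undercloud file abridged). The function names are hypothetical, and treating the missing `Subsystem sftp` line as the reason scp fails is an assumption (an scp client that uses the SFTP protocol needs it); the thread does not state the cause.

```python
from collections import defaultdict

# Constructed inputs: abridged copy of the undercloud listing from the description.
BASELINE = """\
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Subsystem sftp  /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UseDNS no
UsePAM yes
X11Forwarding yes
"""

# Constructed input: the overcloud listing from the description.
DEPLOYED = """\
## Ansible managed

UseDns no
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: [values]}; keywords are case-insensitive and may repeat.
    Assumption: 'Keyword value' lines only, no Match blocks or 'keyword=value' syntax."""
    options = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        options[parts[0].lower()].append(value)
    return dict(options)

def dropped_directives(baseline, deployed):
    """List (keyword, value) pairs present in the baseline but absent from the deployed file."""
    base, dep = parse_sshd_config(baseline), parse_sshd_config(deployed)
    return [(k, v) for k, values in base.items() for v in values
            if v not in dep.get(k, [])]

def has_sftp_subsystem(text):
    """True when a 'Subsystem sftp ...' line is configured."""
    values = parse_sshd_config(text).get("subsystem", [])
    return any(v.split()[0] == "sftp" for v in values if v)

if __name__ == "__main__":
    for keyword, value in dropped_directives(BASELINE, DEPLOYED):
        print(f"dropped: {keyword} {value}")
    print("sftp subsystem configured:", has_sftp_subsystem(DEPLOYED))
```

Run after each deployment against the rendered file, this makes a wholesale replacement of the defaults visible before users hit it, including directives such as `UsePAM` or `ChallengeResponseAuthentication` that would otherwise fall back silently to sshd's built-in values.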