Bug 1181117 - ssh AuthorizedKeyFiles are assumed to be in $HOME/.ssh/authorized_keys ignoring any configuration from /etc/ssh/sshd_config
Summary: ssh AuthorizedKeyFiles are assumed to be in $HOME/.ssh/authorized_keys ignori...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: geo-replication
Version: mainline
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Aravinda VK
QA Contact:
URL:
Whiteboard:
Depends On: 1128156
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-12 12:35 UTC by Aravinda VK
Modified: 2015-05-14 17:35 UTC (History)
10 users (show)

Fixed In Version: glusterfs-3.7.0beta1
Doc Type: Bug Fix
Doc Text:
Clone Of: 1128156
Environment:
Last Closed: 2015-05-14 17:26:22 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Aravinda VK 2015-01-12 12:35:22 UTC
+++ This bug was initially created as a clone of Bug #1128156 +++

Description of problem:

Georep assumes that everyone has their sshd configured to have 
AuthorizedKeys in $HOME/.ssh/authorized_keys.

If this is not the case, then operations will fail because ssh
public keys do not get correctly setup correctly

Version-Release number of selected component (if applicable):


How reproducible:

100%

Steps to Reproduce:
1. Configure ssh on the target machine to look for authorized_keys in a non standard location
2. Attempt to setup / perform operations that rely on working ssh key based authentication
3.

Actual results:

Product expects authorized_key file only in the standard location
and doesn't correctly setup key based auth if it is in a non standard
location


Expected results:

ssh key based auth is correctly setup according to the local ssh config.

Comment 1 Anand Avati 2015-01-12 12:45:21 UTC
REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#1) for review on master by Aravinda VK (avishwan@redhat.com)

Comment 2 Anand Avati 2015-01-22 09:27:57 UTC
REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#2) for review on master by Aravinda VK (avishwan@redhat.com)

Comment 3 Anand Avati 2015-02-04 10:36:54 UTC
REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#3) for review on master by Aravinda VK (avishwan@redhat.com)

Comment 4 Anand Avati 2015-02-05 08:38:16 UTC
REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#4) for review on master by Aravinda VK (avishwan@redhat.com)

Comment 5 Anand Avati 2015-02-20 02:56:32 UTC
COMMIT: http://review.gluster.org/9436 committed in master by Venky Shankar (vshankar@redhat.com) 
------
commit 633cc5aea181a0e76a16c11d4035542fe3b06f19
Author: Aravinda VK <avishwan@redhat.com>
Date:   Mon Jan 12 17:59:16 2015 +0530

    geo-rep: Add support for non standard AuthorizedKeysFile location
    
    In /etc/ssh/sshd_config, AuthorizedKeysFile can be customized
    using %u and %h variables, %u will be replaced by user name
    and %h will be replaced by home dir name. Default location is
    .ssh/authorized_keys
    
    For example,
    AuthorizedKeysFile .ssh/authorized_keys
    AuthorizedKeysFile %h/.my_secret_dir/authorized_keys
    AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
    
    PS: Support only added for %h and %u in sshd_config
    
    BUG: 1181117
    Signed-off-by: Aravinda VK <avishwan@redhat.com>
    Change-Id: Ic6ba20f9d202762dfdb6d0c73ea42e7f7c64e177
    Reviewed-on: http://review.gluster.org/9436
    Reviewed-by: Kotresh HR <khiremat@redhat.com>
    Reviewed-by: Venky Shankar <vshankar@redhat.com>
    Tested-by: Venky Shankar <vshankar@redhat.com>

Comment 6 Niels de Vos 2015-05-14 17:26:22 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 7 Niels de Vos 2015-05-14 17:28:18 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 8 Niels de Vos 2015-05-14 17:35:15 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user


Note You need to log in before you can comment on or make changes to this bug.