1181117 – ssh AuthorizedKeyFiles are assumed to be in $HOME/.ssh/authorized_keys ignoring any configuration from /etc/ssh/sshd_config

Bug 1181117 - ssh AuthorizedKeyFiles are assumed to be in $HOME/.ssh/authorized_keys ignoring any configuration from /etc/ssh/sshd_config

Summary: ssh AuthorizedKeyFiles are assumed to be in $HOME/.ssh/authorized_keys ignori...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	GlusterFS
Classification:	Community
Component:	geo-replication
Sub Component:
Version:	mainline
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Aravinda VK
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1128156
Blocks:
TreeView+	depends on / blocked

Reported:	2015-01-12 12:35 UTC by Aravinda VK
Modified:	2015-05-14 17:35 UTC (History)
CC List:	10 users (show)
Fixed In Version:	glusterfs-3.7.0beta1
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1128156
Environment:
Last Closed:	2015-05-14 17:26:22 UTC
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Aravinda VK 2015-01-12 12:35:22 UTC

+++ This bug was initially created as a clone of Bug #1128156 +++

Description of problem:

Georep assumes that everyone has their sshd configured to have 
AuthorizedKeys in $HOME/.ssh/authorized_keys.

If this is not the case, then operations will fail because ssh
public keys do not get correctly setup correctly

Version-Release number of selected component (if applicable):


How reproducible:

100%

Steps to Reproduce:
1. Configure ssh on the target machine to look for authorized_keys in a non standard location
2. Attempt to setup / perform operations that rely on working ssh key based authentication
3.

Actual results:

Product expects authorized_key file only in the standard location
and doesn't correctly setup key based auth if it is in a non standard
location


Expected results:

ssh key based auth is correctly setup according to the local ssh config.

Comment 1 Anand Avati 2015-01-12 12:45:21 UTC

REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#1) for review on master by Aravinda VK (avishwan)

Comment 2 Anand Avati 2015-01-22 09:27:57 UTC

REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#2) for review on master by Aravinda VK (avishwan)

Comment 3 Anand Avati 2015-02-04 10:36:54 UTC

REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#3) for review on master by Aravinda VK (avishwan)

Comment 4 Anand Avati 2015-02-05 08:38:16 UTC

REVIEW: http://review.gluster.org/9436 (geo-rep: Add support for non standard AuthorizedKeysFile location) posted (#4) for review on master by Aravinda VK (avishwan)

Comment 5 Anand Avati 2015-02-20 02:56:32 UTC

COMMIT: http://review.gluster.org/9436 committed in master by Venky Shankar (vshankar) 
------
commit 633cc5aea181a0e76a16c11d4035542fe3b06f19
Author: Aravinda VK <avishwan>
Date:   Mon Jan 12 17:59:16 2015 +0530

    geo-rep: Add support for non standard AuthorizedKeysFile location
    
    In /etc/ssh/sshd_config, AuthorizedKeysFile can be customized
    using %u and %h variables, %u will be replaced by user name
    and %h will be replaced by home dir name. Default location is
    .ssh/authorized_keys
    
    For example,
    AuthorizedKeysFile .ssh/authorized_keys
    AuthorizedKeysFile %h/.my_secret_dir/authorized_keys
    AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
    
    PS: Support only added for %h and %u in sshd_config
    
    BUG: 1181117
    Signed-off-by: Aravinda VK <avishwan>
    Change-Id: Ic6ba20f9d202762dfdb6d0c73ea42e7f7c64e177
    Reviewed-on: http://review.gluster.org/9436
    Reviewed-by: Kotresh HR <khiremat>
    Reviewed-by: Venky Shankar <vshankar>
    Tested-by: Venky Shankar <vshankar>

Comment 6 Niels de Vos 2015-05-14 17:26:22 UTC

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 7 Niels de Vos 2015-05-14 17:28:18 UTC

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 8 Niels de Vos 2015-05-14 17:35:15 UTC

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Note You need to log in before you can comment on or make changes to this bug.