Bug 1279521 - sshd.service requires /etc/sysconfig/sshd to be present to start
sshd.service requires /etc/sysconfig/sshd to be present to start
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jakub Jelen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-09 11:01 EST by Zbigniew Jędrzejewski-Szmek
Modified: 2015-12-22 17:00 EST (History)
5 users (show)

See Also:
Fixed In Version: openssh-7.1p1-6.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-22 17:00:13 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Zbigniew Jędrzejewski-Szmek 2015-11-09 11:01:07 EST
Description of problem:
sshd.service contains EnvironmentFile=/etc/sysconfig/sshd, which means that service cannot start unless /etc/sysconfig/sshd is present. sshd should work fine without that file, since it appears to only contain the defaults. Requiring the file makes it harder to boot with empty /etc.

Changing
- EnvironmentFile=/etc/sysconfig/sshd
+ EnvironmentFile=-/etc/sysconfig/sshd
should be enough.

Version-Release number of selected component (if applicable):
openssh-server-7.1p1-4.fc24.x86_64
Comment 1 Jakub Jelen 2015-11-09 11:16:39 EST
This seems reasonable. But ...

... you will move only a bit further to booting with empty /etc since sshd will fail to start without having at least sshd_config in /etc/ssh. You can expect that sshd-keygen will create the host keys, but without config it is no-go to start sshd.
Comment 2 Zbigniew Jędrzejewski-Szmek 2015-11-09 15:28:12 EST
Yes... I know it is not a complete solution. But it's a step at least... Proper solution would be to not require sshd_config at all, and have the right defaults compiled in.
Comment 3 Jakub Jelen 2015-11-10 07:57:39 EST
This step is ok. Anyway openssh have defaults compiled in, but not all of them are currently the same as distro defaults.

Openssh is not able to start without reading the config. Reading failures are fatal.

Basically it works just fine with empty file or /dev/null:

    /usr/sbin/sshd -Ddddf /dev/null

I applied the proposed patch and it will be in the next update.
Comment 4 Fedora Update System 2015-12-18 09:41:58 EST
openssh-7.1p1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-8e6294b5c2
Comment 5 Fedora Update System 2015-12-19 15:00:42 EST
openssh-7.1p1-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update openssh'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-8e6294b5c2
Comment 6 Fedora Update System 2015-12-22 17:00:06 EST
openssh-7.1p1-6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.