When booting the F-25 Beta RC images I see 2 errors regarding OpenSSH key generation from console ... Starting OpenSSH ecdsa Server Key Generation... [ [0;1;31mFAILED [0m] Failed to start OpenSSH ed25519 Server Key Generation. See 'systemctl status sshd-keygen' for details. [ [0;1;31mFAILED [0m] Failed to start OpenSSH ecdsa Server Key Generation. See 'systemctl status sshd-keygen' for details. [ [0;32m OK [0m] Reached target sshd-keygen.target. from journalctl ... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting OpenSSH ed25519 Server Key Generation... Oct 11 09:47:48 devel3.s390.bos.redhat.com kernel: audit: type=1130 audit(1476179268.003:96): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-up Oct 11 09:47:48 devel3.s390.bos.redhat.com kernel: audit: type=1130 audit(1476179268.003:97): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rngd comm= Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1756]: sshd-keygen: Failed at step EXEC spawning /usr/libexec/openssh/sshd-keygen: No such file or directory Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting System Logging Service... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting Hold until boot process finishes up... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting Anaconda NetworkManager configuration... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting Terminate Plymouth Boot Screen... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting Service enabling compressing RAM with zRam... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting pre-anaconda logging service... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Starting OpenSSH ecdsa Server Key Generation... Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Main process exited, code=exited, status=203/EXEC Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Failed to start OpenSSH ed25519 Server Key Generation. Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1764]: sshd-keygen: Failed at step EXEC spawning /usr/libexec/openssh/sshd-keygen: No such file or directory Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Unit entered failed state. Oct 11 09:47:48 devel3.s390.bos.redhat.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ed25519 comm="systemd" ex Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Failed with result 'exit-code'. Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Main process exited, code=exited, status=203/EXEC Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Failed to start OpenSSH ecdsa Server Key Generation. Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Unit entered failed state. Oct 11 09:47:48 devel3.s390.bos.redhat.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen@ecdsa comm="systemd" exe= Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: sshd-keygen: Failed with result 'exit-code'. Oct 11 09:47:48 devel3.s390.bos.redhat.com systemd[1]: Reached target sshd-keygen.target. ... The solution can be adding the key generation to the postinstall lorax template (https://github.com/rhinstaller/lorax/blob/master/share/templates.d/99-generic/runtime-postinstall.tmpl#L91), but my question is whether the generation could be omitted from image creation and left for runtime. Version-Release number of selected component (if applicable): lorax-25.15-1.fc25
You certainly don't want to include keygen as part of the image creation process. Then everyone will get the same keys. Make sure the iso you are using was created using lorax-25.16-1 or later. *** This bug has been marked as a duplicate of bug 1378378 ***
(In reply to Brian Lane from comment #1) > You certainly don't want to include keygen as part of the image creation > process. Then everyone will get the same keys. Shouldn't we then remove the whole key-creation section in runtime-postinstall.tmpl for s390(x) mentioned above?
(In reply to Dan Horák from comment #2) > (In reply to Brian Lane from comment #1) > > You certainly don't want to include keygen as part of the image creation > > process. Then everyone will get the same keys. > > Shouldn't we then remove the whole key-creation section in > runtime-postinstall.tmpl for s390(x) mentioned above? I would think so, but since I'm not exactly sure *why* that code is there someone with s390 access will have to give it a try to make sure it doesn't break anything.
Log from booting a refreshed install.img after updating post-install lorax template ... Starting Anaconda NetworkManager configuration... Starting Service enabling compressing RAM with zRam... Starting Terminate Plymouth Boot Screen... Starting pre-anaconda logging service... Starting OpenSSH ecdsa Server Key Generation... [ [0;32m OK [0m] Started Hardware RNG Entropy Gatherer Daemon. Starting Hold until boot process finishes up... Starting OpenSSH ed25519 Server Key Generation... Starting OpenSSH rsa Server Key Generation... Starting System Logging Service... Starting Login Service... [ 33.533897] anaconda[1680]: Starting installer, one moment... [ 33.535137] anaconda[1680]: 12:02:42 Please ssh install@devel3 (a.b.c.d) to begin the install. Will send a pull request ASAP.
See https://github.com/rhinstaller/lorax/pull/165 for the dropping of ssh keygen in the image.
Thanks for testing that!
lorax-25.17-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0a0a45fcbe
lorax-25.17-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.