Bug 959493 - AuthorizedKeysCommand set without AuthorizedKeysCommandUser
Summary: AuthorizedKeysCommand set without AuthorizedKeysCommandUser
Keywords:
Status: CLOSED DUPLICATE of bug 953617
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 19
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-03 15:47 UTC by Dean Hunter
Modified: 2013-05-03 20:31 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-03 18:30:55 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Dean Hunter 2013-05-03 15:47:59 UTC
Description of problem:

sshd fails to start after yum distro-sync to Fedora 19


Version-Release number of selected component (if applicable):

Installed Packages
openssh.x86_64                       6.2p1-4.fc19                        @fedora


How reproducible: Consistent


Steps to Reproduce:

1. Build a VM from the Fedora 18 x86-64 DVD
2. yum update --assumeyes
3. reboot
4. yum update yum
5. yum clean all
6. yum --releasever=19 distro-sync --nogpgcheck -y
7. reboot


Actual results:

From /var/log/messages:
May  2 22:58:47 ipa systemd[1]: Starting OpenSSH server daemon...
May  2 22:58:47 ipa systemd[1]: Starting Certificate monitoring and PKI enrollment...
May  2 22:58:47 ipa systemd[1]: Starting Virtualization daemon...
May  2 22:58:47 ipa dbus-daemon[406]: dbus[406]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
May  2 22:58:47 ipa dbus[406]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
May  2 22:58:47 ipa systemd[1]: Started Virtualization daemon.
May  2 22:58:47 ipa systemd[1]: Starting Identity, Policy, Audit...
May  2 22:58:47 ipa systemd[1]: Starting RPC bind service...
May  2 22:58:47 ipa dbus-daemon[406]: /etc/NetworkManager/dispatcher.d/04-iscsi: line 8: syntax error: unexpected end of file
May  2 22:58:47 ipa nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/04-iscsi' exited with error status 2.
May  2 22:58:47 ipa systemd[1]: Started OpenSSH server daemon.
May  2 22:58:47 ipa systemd[1]: Stopping Sendmail Mail Transport Agent...
May  2 22:58:47 ipa systemd[1]: Starting Sendmail Mail Transport Agent...
May  2 22:58:47 ipa systemd[1]: Started RPC bind service.
May  2 22:58:47 ipa sshd[1004]: AuthorizedKeysCommand set without AuthorizedKeysCommandUser
May  2 22:58:47 ipa systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
May  2 22:58:47 ipa systemd[1]: MESSAGE=Unit sshd.service entered failed state.


Expected results:

No errors starting sshd.service


Additional info:

Comment 1 Dean Hunter 2013-05-03 16:30:00 UTC
What is this trying to tell me:

  Updating   : openssh-server-6.2p1-4.fc19.x86_64                     1290/2927 
warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew
  Updating   : coolkey-1.1.0-22.fc19.x86_64                           1291/2927

Comment 2 Rob Crittenden 2013-05-03 18:30:55 UTC
This is just saying that the openssh-server package provides a new default configuration file and rather than overwriting the current file, it creates it under a new name so you can manually merge in any changes.

Marking as a duplicate. In openssh-server 6.2 they subtly changed some of the directives that we had been using in 6.1 and earlier. This is fixed in freeupa upstream but not yet included in a Fedora release.

*** This bug has been marked as a duplicate of bug 953617 ***

Comment 3 Dean Hunter 2013-05-03 20:31:56 UTC
What is the work-around until fix arrives? Do I need to try to reconcile the differences in the files?

There were quite a few /etc/*.rpmnew files created:

[root@ipa ~]# find /etc -type f -name *.rpmnew
/etc/pam.d/password-auth.rpmnew
/etc/pam.d/postlogin.rpmnew
/etc/pam.d/system-auth.rpmnew
/etc/openldap/ldap.conf.rpmnew
/etc/named.conf.rpmnew
/etc/security/limits.conf.rpmnew
/etc/krb5.conf.rpmnew
/etc/nsswitch.conf.rpmnew
[root@ipa ~]# 

Are they all part of the same problem?


Note You need to log in before you can comment on or make changes to this bug.