|
Bugzilla – Full Text Bug Listing |
| Summary: | SSH disable in all situation. It was agreed that that for remote install SSH would be enbled. | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.2 | Reporter: | Boyd Gerber <gerberb> |
| Component: | Security | Assignee: | Stephan Kulow <coolo> |
| Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Critical | ||
| Priority: | P5 - None | CC: | coolo, locilka, meissner, security-team, thomas |
| Version: | Final | Flags: | meissner:
SHIP_STOPPER?
(coolo) |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | openSUSE 11.2 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Boyd Gerber
2009-10-31 18:09:15 UTC
I think it would be a little late for 11.2 to implement new functionality, so I would prefer to revert to the old behavior and enable the sshd autostart again for 11.2. if the firewall port is opened, ssh will now be enabled. was added for rc2 (bug 537980) is this what you mean? I set this up locally to test. I used this SDB article that I updated http://en.opensuse.org/SDB:Remote_Installation_of_SUSE_LINUX to do over 200 remote installations. I could not get my opensuse 11.2RC2 to work with using my local download. I have 300 machines that I will have to do using this method for 11.2 when it comes out. What I see now is that it will not work. This bug was opened after a irc discussion in #opensuse-testing. Although I said there that I've got problems with this new behavior, too, I have to revise that now. I tested 2 installations: * a local installation with DVD - automatic configuration - firewall enabled / SSHd disabled (default) Result: SSHd disabled, autostart off * a SSH installation with DVD - automatic configuration - firewall enabled / SSHd disabled (default) Result: SSHd enabled, autostart on The SSH installation was done like described in the SDB (see comment #3). You can see that sshd was used automatically during the SSH installation and that the autostart was configured, too, although I did not specify it. So I'd say that it works like a charme for me. hmm, -> yast2 installation module... where is the bug? #5 clearly says "WORKSFORME" to me - and I see no yast logs either. I never could get yast to start on the installation sever. That is why there are not logs. I would see ot start through the steps of bootiing, but could never get it to allow me to login and start yast2.
title SSH Installation (openSUSE 11.2) ftp
root (hd0,0)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth1 install=ftp://192.168.0.1/opensuse/distribution/openSUSE-stable/repo/oss/ hostname=test1.zenez.com hostip=192,168,0.2/24 gateway=192.168.0.1 nameserver=192.168,0.1
initrd /boot/initrd.install
title SSH Installation (openSUSE 11.2) http
root (hd0,0)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth1 install=http://192.168.0.1/distribution/11.1/repo/oss hostname=test1.zenez.com hostip=192.168.0.2/24 gateway=192.168.0.1 nameserver=192.168.0.1
initrd /boot/initrd.install
Because the sshd is not running and the ports are closed I am unable to connect to the machine to start the installation. See above more menu.lst entries. I tried both ftp and http. at installation time neither the firewall nor the ssh autostart setting are involved. If ssh doesn't work for the initial stage of installation it must be a different problem. For example in the above command line for ftp install there's a typo in the hostip and nameserver settings: ',' instead of '.', the http command line refers to something with 11.1 in the name. Tge type-o occured because I was removing my public IP's to private ones.henece the error. I do not want the public IP's know as I do not want people abusing them. So there was a fault of mine in sanitizing the records. This does not invalidate the fact that it does not work over public IP addresses as the moment. Well it sure does not work. SSH never gives a prompt to login. The system does ping after the reboot, Loook at these articles. http://docs.telante.com/index.php/HOWTO_Install_SUSE_Linux_Remotely_without_Physical_Access and http://en.opensuse.org/SDB:Remote_Installation_of_SUSE_LINUX ssh deamon never starts so you can not do an install. Here I am 700 miles away and it is 3:30 in the morning and after 4 hours I have never been able to get a login. Use ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/boot/loader/ to copy initrd /boot/initrd.install and copy linux /boot/linux.install ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/ and there were not typo's because I copy pasted the same IP addresss that I could ping before the reboot. If I could get to the machine I would copy paste the exact menu.lst entries. But seeing the machine is 700 miles away and 3:30 am I can not call or get a hold of any one to turn the machine off and back on so it would boot to the old kernel. Any suggestions on how to use linuxrc that the articles suggest to get the machines to boot for an install would be greatly appreciated. Given I reported the bug befor release and it now is still there. Maybe trying it with fixing my type-o's would also yield you the exact same results for you. Well it sure does not work. SSH never gives a prompt to login. The system does ping after the reboot, Loook at these articles. http://docs.telante.com/index.php/HOWTO_Install_SUSE_Linux_Remotely_without_Physical_Access and http://en.opensuse.org/SDB:Remote_Installation_of_SUSE_LINUX ssh deamon never starts so you can not do an install. Here I am 700 miles away and it is 3:30 in the morning and after 4 hours I have never been able to get a login. Use ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/boot/loader/ to copy initrd /boot/initrd.install and copy linux /boot/linux.install ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/ and there were not typo's because I copy pasted the same IP addresss that I could ping before the reboot. If I could get to the machine I would copy paste the exact menu.lst entries. But seeing the machine is 700 miles away and 3:30 am I can not call or get a hold of any one to turn the machine off and back on so it would boot to the old kernel. Any suggestions on how to use linuxrc that the articles suggest to get the machines to boot for an install would be greatly appreciated. Given I reported the bug befor release and it now is still there. Maybe trying it with fixing my type-o's would also yield you the exact same results for you. Use ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/boot/loader/ to copy initrd to /boot/initrd.install and copy linux to /boot/linux.install you can also copy from http://mirrors.xmission.com/opensuse/distribution/11.2/repo/oss/loader/ as well. I also tried download.opensuse.org same results. ###Don't change this comment - YaST2 identifier: Original name: ssh-install-template### title SSH Installation (openSUSE 11.1) http root (hd0,0) kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth1 install=http://download.opensuse.org/distribution/11.2/repo/oss hostname=linux.lyndist.com hostip=208.110.143.2/24 gateway=208.110.143.1 nameserver=208.110.136.1 initrd /boot/initrd.install ###Don't change this comment - YaST2 identifier: Original name: ssh-install-template### title SSH Installation (openSUSE 11.1) ftp root (hd0,0) kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth1 install=ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/ hostname=linux.lyndist.com hostip=208.110.143.2/24 gateway=208.110.143.1 nameserver=208.110.136.1 initrd /boot/initrd.install Here are the last 4 entires of one system that does not wok.
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) mirrors.kernel.org http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss hostname=white3.wenet hostip=192.168.10.55/24 gateway=192.168.10.110 nameserver==206.163.82.4
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) mirrors.kernel.org ftp
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss hostname=white3.wenet hostip=192.168.10.55/24 gateway=192.168.10.110 nameserver==206.163.82.4
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) download ftp
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=ftp://download.opensuse.org/distribution/11.2/repo/oss hostname=white3.wenet hostip=192.168.10.55/24 gateway=192.168.10.110 nameserver==206.163.82.4
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) download http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://download.opensuse.org/distribution/11.2/repo/oss hostname=white3.wenet hostip=192.168.10.55/24 gateway=192.168.10.110 nameserver==206.163.82.4
This has worked since SuSE Linux Professional 4.3 to openSUSE 11.1. It does not work with openSUSE 11.2
Here are the entries from my lab with two systems.
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http###
title SSH Installation (openSUSE 11.1) http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://download.opensuse.org/distribution/11.1/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.1 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.1) Comcast http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth1 install=http://download.opensuse.org/distribution/11.1/repo/oss hostname=service.zenez.com hostip=98.202.175.192/22 gateway=98.202.172.1 nameserver=68.87.85.98
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template###
title SSH Installation (openSUSE 11.2) nfs
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=nfs://198.60.105.164/MNT2/opensuse/distribution/11.2/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: vnc-install-nfs###
title VNC Installation (openSUSE 11.2) nfs
root (hd0,4)
kernel /boot/linux.install vnc=1 vncpassword=1a2b3c4d netdevice=eth0 install=nfs://198.60.105.164/MNT2/opensuse/distribution/11.2/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install###
title SSH Installation (openSUSE 11.2) local hd
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=hd:///opensuse/distribution/11.2/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: vnc-install###
title VNC Installation (openSUSE 11.2) local hd
root (hd0,4)
kernel /boot/linux.install vnc=1 vncpassword=1a2b3c4d netdevice=eth0 install=hd:///opensuse/distribution/11.2/repo/oss?device=sdb5 hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http###
title SSH Installation (openSUSE 11.2) download.opensuse.org http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://download.opensuse.org/distribution/11.2/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) mirrors.kernel.org http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/ hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) mirrors.kernel.org ftp
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=ftp://mirrors.kernel.org/opensuse/distribution/11.2/repo/oss/ hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
###Don't change this comment - YaST2 identifier: Original name: ssh-install-template-http-1###
title SSH Installation (openSUSE 11.2) download http
root (hd0,4)
kernel /boot/linux.install usessh=1 sshpassword=1a2b3c4d netdevice=eth0 install=http://download.opensuse.org/distribution/11.2/repo/oss hostname=service.zenez.com hostip=198.60.105.100/24 gateway=198.60.105.2 nameserver=198.60.105.2
initrd /boot/initrd.install
It is really sad when something that has always worked for all version of any suse product except 11.2. Is not fixed and was not throughly investigated, Sure wth my being sick and acting like I have a stroke and have an extreme hard time even with large fonts that are move back an for really fast making it extremely hard to add information and sanitize it. Well now you have two systems with exactly the same problem that when I change the 11.2 to an 11.1 boot and install prefectly. You should be able to see and fix the bug and allow a way for us to recut the DVD or CD to be able to install the only version of any SUSE/openSUSE linux version that does not work. It is really sad when something that has always worked for all version of any suse product except 11.2. Is not fixed and was not throughly investigated, Sure wth my being sick and acting like I have a stroke and have an extreme hard time even with large fonts that are move back an for really fast making it extremely hard to add information and sanitize it. Well now you have two systems with exactly the same problem that when I change the 11.2 to an 11.1 boot and install prefectly. You should be able to see and fix the bug and allow a way for us to recut the DVD or CD to be able to install the only version of any SUSE/openSUSE linux version that does not work. My guess: SSH doesn't start after reboot which is actually a 'feature'. Well, tell me how in the limite linuxrc we have how to enable sshd and open the firewall. Because I can not find any combination that works and I have 200 systems 5-6 hundered miles away that I have to install 11.2. I am at a total loss of what else I can try. I have re-installed 11.1 on them after the miserable failure of trying to get 11.2 to install. I even when back to a SuSE prof 6.x and it work. Evey version of openSUSE from 10.0-11.1 worked. I had to use local repos for the discontinued versions but the all worked. Oh part me you wizards of magic with the linux brush of inspiration what I may do to get this feature working for openSUSE 11.2. I am totally out of ideas. Thanks,.... Note that bugzilla is not a support forum. Try the mailinglists instead. AFAICT the ssh install works just fine with fixed IP. I used http://www.suse.de/~lnussel/setupgrubfornfsinstall.html to set up the installation and it worked for me. Also you still seem to not even be able to start the initial stage of installation which means the problem is completely unrelated to not having sshd running by default anymore *after* installation. Firewall settings are also not involved at this stage. Unless you can come up with some logs, screenshots or whatever there is no way for me or anyone else to reproduce the problem. from what I can see, it works as expected. Please report a more concrete problem with concrete logs |