|
Bugzilla – Full Text Bug Listing |
| Summary: | SuSEfirewall2/ssh (enabled): no ssh login possible after install | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Christian Wittmer <chris> |
| Component: | Installation | Assignee: | E-mail List <yast2-maintainers> |
| Status: | RESOLVED WONTFIX | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Major | ||
| Priority: | P5 - None | CC: | ancor, chris, igonzalezsosa, jreidinger, mpluskal, okurz, yast2-maintainers |
| Version: | Leap 42.1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
AutoInstall file
YaST2 logs |
||
|
Description
Christian Wittmer
2016-05-28 18:27:47 UTC
Please alaso attach installation logs so we can see what happened. https://en.opensuse.org/openSUSE:Report_a_YaST_bug#I_reported_a_YaST2_bug.2C_and_now_I_am_asked_to_.22attach_y2logs.22_.28for_package_installation_also_.22libzypp_logging.22.29._What_does_that_mean.2C_and_how_do_I_do_that.3F Created attachment 678835 [details]
YaST2 logs
upload YaST2 logs
thanks Imo - I think you did support for having sshd without opening port, right? Logs indicate it 2016-05-28 19:36:39 <1> 192.168.0.171(3289) [Ruby] clients/firewall_stage1_proposal.rb:385 After installation, firewall will be enabled, SSHD will be enabled, SSH port will be closed, VNC port will be closed sorry, but you can only choose between 'enable/disable' service ... IMHO it is nonsense to 'enable' firewall, sshd and 'close' sshd port ;) Why should I do this ? AFAIK I didn't do it ... .. I think you should try an install ... and I will do again. Hi Christian, You should explicitly open the SSH port in the firewall configuration. The following line in the firewall section will do the trick: <FW_CONFIGURATIONS_EXT>sshd</FW_CONFIGURATIONS_EXT> Please, could you try if it works for you? Yes it will work. But IMHO it is nonse that you explicitly need to 'open port', even when you enable firewall AND ssh. When you enable both why is there the need to enable port ? IMHO this should be done automatically ... I checked it a second time ... ... there are only TWO lines: - one for firewall (enabled) - one for ssh (disabled) ... when you enable ssh then there comes a 'THIRD' line: - one for opening the port when you are on a 'remote install via ssh' where your X is tunneld via ssh it is possible that you do NOT check for a NEW UPCOMING LINE for enabling the port for ssh ... cause the refreshing of the screen does take too long and you do not expect A NEW LINE coming up which you should ENABLE... ... that's why this happened to me. Again, when firewall is enabled and you enable 'ssh' then the port should be set automatically and not 'interactively' by the user. It is obvious that you need the port in that case and nonsense to ask the user for it ... It's intentional that enabling the service doesn't automagically open the port. There was quite some discussion involving quite some people when this feature was implemented and it was decided to make it work as it is now. So it's not a bug, but a feature. :-) If you feel it should be changed, please open a FATE entry so it can be re-discussed by all parties. http://features.opensuse.org/ For the time being, I will close it as "WONTFIX" or "FEATURE". Thanks. This intentional decision is not a 'logical' decision ... it is more a 'democratic' decision. Never thought that there could be so much more people making decision in a NOT LOGICAL WAY :((( |