/etc/ssh/sshd_config disappears on upgrade to 1.5.1 when using a non-default console

[dwaite]

Upon upgrade, ssh is no longer accepted. It appears /etc/ssh/sshd_config disappears on each reboot.

---

RancherOS Version: (ros os version)
1.5.1

Where are you running RancherOS? (docker-machine, AWS, GCE, baremetal, etc.)
digitalocean (via droplet Gui deployment)

[kjake]

I have the same behavior. 1.5.1 running on VMware. Using Debian console.

[nlseven]

Same here, running VMware build.
I have added the sshd_config to the cloud-config.yml before upgrading nodes, which is working fine:

write_files:
- content: |+
    ChallengeResponseAuthentication no
    UsePAM yes
    X11Forwarding no
    PrintMotd no
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    ClientAliveInterval 180
    UseDNS no
    PermitRootLogin no
    ServerKeyBits 2048
    AllowGroups docker
  owner: root
  path: /etc/ssh/sshd_config
  permissions: "0600"

[kjake]

Thanks @nlseven - since mine was already broken, it didn't like that formatting and wouldn't take on reboot.

I did it this way though, rebooted, and it took and was reformatted like yours - so there's something about cloud-config that I don't understand.

My sshd_config persists through reboots now, but only contains what you've posted.

write_files:
  - path: /etc/ssh/sshd_config
    permissions: "0600"
    owner: root
    content: |+
        ChallengeResponseAuthentication no
        UsePAM yes
        X11Forwarding no
        PrintMotd no
        AcceptEnv LANG LC_*
        Subsystem	sftp	/usr/lib/openssh/sftp-server
        ClientAliveInterval 180
        UseDNS no
        PermitRootLogin no
        ServerKeyBits 2048
        AllowGroups docker

[nlseven]

Thanks @nlseven - since mine was already broken, it didn't like that formatting and wouldn't take on reboot.

I did it this way though, rebooted, and it took and was reformatted like yours - so there's something about cloud-config that I don't understand.

My sshd_config persists through reboots now, but only contains what you've posted.

No problem. I grabbed the sshd_config file from a working 1.5.0 node and stripped the comments, so this is using the regular Rancher defaults. The upside is that it won't tack on the last 5 lines on each reboot like the old version sometimes does.

[niusmallnan]

This should happen when using a non-default console.

You can upgrade with --upgrade-console, this should work:

ros os upgrade --upgrade-console

But it will delete the old console, please back up your data.

I will update the RN to remind other users.

[dwaite]

@niusmallnan yes, --upgrade-console fixed it for me. I couldn't figure out the magic in ros to get a new version of the console.

[benok]

I submit a issue #2683 around this.

[benok]

Sorry, #2683 is not actually related.

[rootwuj]

Tested with rancher/os:v1.5.2-rc1 from May 21
Verified fixed

Test:

• Rancheros v1.5.1 switch to other console
• Upgrade to rancheros v1.5.2-rc1

Result：

• can connect via ssh
• /etc/ssh/sshd_config exists