Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SSH root login on the recovery system with some configurations #2070

Merged
merged 1 commit into from Mar 8, 2019
Merged

Fix SSH root login on the recovery system with some configurations #2070

merged 1 commit into from Mar 8, 2019

Conversation

OliverO2
Copy link
Contributor

@OliverO2 OliverO2 commented Mar 6, 2019

Pull Request Details:

On Ubuntu 18.04 with OpenSSH 7.6, /etc/ssh/sshd_config contains
commented-out lines for 'PermitRootLogin' and other options. This fix
makes sure that settings changed for ReaR will be real, not comments.

@OliverO2
Fix SSH root login on the recovery system with some configurations
ec34d04 
On Ubuntu 18.04 with OpenSSH 7.6, /etc/ssh/sshd_config contains
commented-out lines for 'PermitRootLogin' and other options. This fix
makes sure that settings changed for ReaR will be real, not comments.
@OliverO2 OliverO2 mentioned this pull request Mar 6, 2019
Closed
@jsmeix jsmeix added the bug The code does not do what it is meant to do label Mar 7, 2019
@jsmeix jsmeix added this to the ReaR v2.5 milestone Mar 7, 2019
jsmeix
jsmeix approved these changes Mar 7, 2019
View reviewed changes
Copy link
Member

@jsmeix jsmeix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me:

# echo -e '# PermitRootLogin foo\n # bar ClientAliveInterval baz' | sed -e 's/.*PermitRootLogin.*/#&/' -e '$ a PermitRootLogin yes' -e 's/.*ClientAliveInterval.*/#&/' -e '$ a ClientAliveInterval 0'

## PermitRootLogin foo
# # bar ClientAliveInterval baz
PermitRootLogin yes
ClientAliveInterval 0

Because usr/share/rear/skel/default/etc/scripts/run-sshd
modifies /etc/ssh/sshd_config only in ReaR's own recovery system
any modifications that make things work there are ok.

@jsmeix jsmeix requested a review from gdha March 7, 2019 09:41
@jsmeix
Copy link
Member

jsmeix commented Mar 7, 2019
edited

@gdha or any other @rear/contributors
could you also have a look if this change is ok.

If there are no objections I would like to merge it tomorrow.

@OliverO2
what about when there is no /etc/ssh/sshd_config in the recovery system?
As far as I see the sshd config file gets copied into the recovery system
via different kind of copy_as_is_ssh_files=( ... ) settings in
usr/share/rear/rescue/default/500_ssh.sh
but - on first glance - I see nothing that verifies there is actually a
/etc/ssh/sshd_config file in the recovery system.

In gereral COPY_AS_IS ignores non existent files and I think
that behaviour is often used in ReaR by adding lots of stuff
to COPY_AS_IS like

COPY_AS_IS=( "${COPY_AS_IS[@]}" something something_else )

to get 'something' and/or 'something_else' into the recovery system
depending on what there is on the original system, e.g. with

COPY_AS_IS=( "${COPY_AS_IS[@]}" QQQ )

"rear mkrescue" just works fine - QQQ is silently ignored
unless one inspects the log file where one gets

+ source /root/rear.github.master/etc/rear/local.conf
...
++ COPY_AS_IS=("${COPY_AS_IS[@]}" QQQ)
.
.
.
+ source /root/rear.github.master/usr/share/rear/build/GNU/Linux/100_copy_as_is.sh
...
++ test -f 'tar: QQQ: Cannot stat: No such file or directory'

@jsmeix jsmeix self-assigned this Mar 7, 2019
@OliverO2
Copy link
Contributor Author

OliverO2 commented Mar 7, 2019

@jsmeix

what about when there is no /etc/ssh/sshd_config in the recovery system?

usr/share/rear/skel/default/etc/scripts/run-sshd would fail altogether if there is no sshd. And if there is an sshd we can safely assume that /etc/ssh/sshd_config exists, as it is a required configuration file. sshd exits with an error message if the file cannot be opened.

So basically, run-sshd would fail one way or the other if the original system did not provide a complete openssh installation.

@jsmeix
Copy link
Member

jsmeix commented Mar 7, 2019

@OliverO2
thank you for your explanation!

@jsmeix jsmeix merged commit 80cbfdd into rear:master Mar 8, 2019
@jsmeix
Copy link
Member

jsmeix commented Mar 8, 2019

@OliverO2
thank you for continuously testing ReaR
and for your analysis plus your bug fix!

@OliverO2 OliverO2 deleted the Fix_SSH_root_login branch March 12, 2019 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gdha gdha gdha approved these changes

@jsmeix jsmeix jsmeix approved these changes

Assignees

@jsmeix jsmeix

Labels
bug The code does not do what it is meant to do fixed / solved / done
Projects
None yet
Milestone
ReaR v2.5
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@OliverO2 @jsmeix @gdha