yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1470433] Re: SSH restart does not work on RHEL7

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Scott Moser <smoser@xxxxxxxxxx>
Date: Fri, 22 Sep 2017 20:46:49 -0000
Reply-to: Bug 1470433 <1470433@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I blieve this was fixed in 0.7.9. It appears fixed in trunk by
ba0adb9b5100735358a76fdee7b251dba224a4cd

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1470433

Title:
  SSH restart does not work on RHEL7

Status in cloud-init:
  Fix Released

Bug description:
  As part of cc_set_passwords.py - SSH is restarted when sshd_config
  changes are made by cloud-init

  However on RHEL7, the ssh service is named "sshd" not "ssh" - "ssh" is
  the default in the code...

  ##
  config/cc_set_passwords.py:            cmd.append(cloud.distro.get_option('ssh_svcname', 'ssh'))
  ##

  There is no override for this for RHEL currently, unlike on Arch and
  Gentoo

  #
  distros/arch.py:        cfg['ssh_svcname'] = 'sshd'
  distros/gentoo.py:        cfg['ssh_svcname'] = '/etc/init.d/sshd'
  #

  Fix should be added to
  #
  distros/rhel.py
  #

  Something like...
  #
  class Distro(distros.Distro):
  ....

      def __init__(self, name, cfg, paths):
  ....
          cfg['ssh_svcname'] = 'sshd'
  #

  I've tagged this as a security vulnerability, as it left internet
  accessible VMs with password based SSH enabled, and got a system
  compromised.

  regards

  James M

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1470433/+subscriptions