#4373 ipa-server-install break sshd
Closed: Fixed None Opened 4 years ago by admiyo.

Just ran ipa-server install on to different Fedora20 machines:

THe second time, I was able to log in and see why sshd stopped running.

From /var/log/messages

Jun 10 23:04:17 ipa sshd: /etc/ssh/sshd_config line 156: Bad yes/no argument: noKerberosAuthentication

When I edited that file, I saw two lines were concatenated, as if a newline had been missed:

UseDNS noKerberosAuthentication no
PubkeyAuthentication yes

Once this fails, you cannot log into the machine. sshd will not start. With an OpenStack install, this is a fatal error: the machine is unusable afterwards.

The workaround is to edit the file by hand and restart sshd.

Missing trailing newline in sshd_config is causing this.

I see you found the root cause, which FreeIPA/Fedora versions are affected?

All versions since the feature was first introduced.


  • 3e0245f Do not corrupt sshd_config in client install when trailing newline is missing.

Metadata Update from @admiyo:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0 Backlog

2 years ago

Login to comment on this ticket.