Just ran ipa-server install on to different Fedora20 machines:
THe second time, I was able to log in and see why sshd stopped running.
Jun 10 23:04:17 ipa sshd: /etc/ssh/sshd_config line 156: Bad yes/no argument: noKerberosAuthentication
When I edited that file, I saw two lines were concatenated, as if a newline had been missed:
UseDNS noKerberosAuthentication no
Once this fails, you cannot log into the machine. sshd will not start. With an OpenStack install, this is a fatal error: the machine is unusable afterwards.
The workaround is to edit the file by hand and restart sshd.
Missing trailing newline in sshd_config is causing this.
I see you found the root cause, which FreeIPA/Fedora versions are affected?
All versions since the feature was first introduced.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1112691
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1201454 (Red Hat Enterprise Linux 6)
Metadata Update from @admiyo:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0 Backlog
to comment on this ticket.