#7826 While installing ipa-client SSHD service is failing to start
Opened 4 months ago by rcritten. Modified 4 months ago

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1662479

Description of problem:

While installing ipa-client sshd service is failing to start. I also tried to
install with "--no-ssh" option.

Version-Release number of selected component (if applicable):
ipa-client-3.0.0-51.el6.x86_64

How reproducible:

 # ipa-client-install -d --domain gsslab.pnq2.redhat.com --server
vm250-105.gsslab.pnq2.redhat.com --realm GSSLAB.PNQ2.REDHAT.COM
--ca-cert-file=/etc/ipa/ca.crt -p admin -w RedHat1! --no-ssh

Actual results:
~~~
...
stdout=openssh-daemon (pid  5414) is running...

stderr=
args=/sbin/service sshd restart
stdout=Stopping sshd:                                      [  OK  ]
Starting sshd:                                             [FAILED]

stderr=/etc/ssh/sshd_config line 147: Directive 'UsePAM' is not allowed within
a Match block

sshd failed to restart: Command '/sbin/service sshd restart ' returned non-zero
exit status 255
Client configuration complete.
~~~

Expected results:

~~~
stderr=
args=/sbin/service sshd restart
stdout=Stopping sshd:                                      [  OK  ]
Starting sshd:                                             [  OK  ]

stderr=
args=/sbin/service sshd status
stdout=openssh-daemon (pid  25393) is running...

stderr=
Client configuration complete.
~~~

Additional info:
 Bug 1282845

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1662479

4 months ago

Match section block extends until end of file. I guess we need at least to document that we add certain instructions to sshd_config and they might be invalid if 'Match' block is present at the end of sshd_config.

Metadata Update from @abbra:
- Issue set to the milestone: FreeIPA 3.x Documentation (was: 0.0 NEEDS_TRIAGE)

4 months ago

Login to comment on this ticket.

Metadata