1. Happens on RHEL/Centos only(other distros are not affected) 2. Happens only during the first attempted install of ipa-client package. If we try to reinstall the sshd.conf is not modified.3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
pgb205 via FreeIPA-users wrote:
- Happens on RHEL/Centos only(other distros are not affected)
- Happens only during the first attempted install of ipa-client
package. If we try to reinstall the sshd.conf is not modified. 3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to https://www.redhat.com/archives/freeipa-devel/2012-September/msg00213.html
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
What version of IPA?
How is it changed?
rob
1. ipa client 4.6.5-11.el72. one of the lines in sshd.conf is reverted to the default option. specifically port number. Almost seems like the file is restored from the backup version. But then we are using --no-sshd option. On Wednesday, February 26, 2020, 05:47:34 PM EST, Rob Crittenden rcritten@redhat.com wrote:
pgb205 via FreeIPA-users wrote:
- Happens on RHEL/Centos only(other distros are not affected)
- Happens only during the first attempted install of ipa-client
package. If we try to reinstall the sshd.conf is not modified. 3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to https://www.redhat.com/archives/freeipa-devel/2012-September/msg00213.html
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
What version of IPA?
How is it changed?
rob
pgb205 via FreeIPA-users wrote:
1. ipa client 4.6.5-11.el7 2. one of the lines in sshd.conf is reverted to the default option. specifically port number. Almost seems like the file is restored from the backup version. But then we are using --no-sshd option.
I think we'll need to see /var/log/ipaclient-install.log.
So to be clear, you:
* start with no client installed * sshd is configured for port other than 22 (and other things) * run ipa-client-install --no-sshd * sshd now is configured with Port 22 * ipa-client-install --uninstall restores the pre-install sshd.conf so things are back to "normal"
Does that match what you're seeing?
I'll note that IPA does not purposely change the port at all, whether sshd is configured or not.
rob
On Wednesday, February 26, 2020, 05:47:34 PM EST, Rob Crittenden rcritten@redhat.com wrote:
pgb205 via FreeIPA-users wrote:
- Happens on RHEL/Centos only(other distros are not affected)
- Happens only during the first attempted install of ipa-client
package. If we try to reinstall the sshd.conf is not modified. 3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to
https://www.redhat.com/archives/freeipa-devel/2012-September/msg00213.html
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
What version of IPA?
How is it changed?
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
1.correct2. only port is configured to something else. the rest of sshd_conf is default3. correct. only append --no-sshd option to prevent reconfiguration of sshd_conf file4. correct. after install port 22 is again in effect5. no. after uninstall there are no changes. And trying to re-install again as in 3. doesnt change the file. On Thursday, February 27, 2020, 10:12:29 AM EST, Rob Crittenden rcritten@redhat.com wrote:
pgb205 via FreeIPA-users wrote:
1. ipa client 4.6.5-11.el7 2. one of the lines in sshd.conf is reverted to the default option. specifically port number. Almost seems like the file is restored from the backup version. But then we are using --no-sshd option.
I think we'll need to see /var/log/ipaclient-install.log.
So to be clear, you:
* start with no client installed * sshd is configured for port other than 22 (and other things) * run ipa-client-install --no-sshd * sshd now is configured with Port 22 * ipa-client-install --uninstall restores the pre-install sshd.conf so things are back to "normal"
Does that match what you're seeing?
I'll note that IPA does not purposely change the port at all, whether sshd is configured or not.
rob
On Wednesday, February 26, 2020, 05:47:34 PM EST, Rob Crittenden rcritten@redhat.com wrote:
pgb205 via FreeIPA-users wrote:
- Happens on RHEL/Centos only(other distros are not affected)
- Happens only during the first attempted install of ipa-client
package. If we try to reinstall the sshd.conf is not modified. 3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to
https://www.redhat.com/archives/freeipa-devel/2012-September/msg00213.html
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
What version of IPA?
How is it changed?
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
pgb205 wrote:
1.correct 2. only port is configured to something else. the rest of sshd_conf is default 3. correct. only append --no-sshd option to prevent reconfiguration of sshd_conf file 4. correct. after install port 22 is again in effect 5. no. after uninstall there are no changes. And trying to re-install again as in 3. doesnt change the file.
I can't reproduce this.
Can you provide an ipaclient-install.log where sshd_config is modified?
rob
On Thursday, February 27, 2020, 10:12:29 AM EST, Rob Crittenden rcritten@redhat.com wrote:
pgb205 via FreeIPA-users wrote:
1. ipa client 4.6.5-11.el7 2. one of the lines in sshd.conf is reverted to the default option. specifically port number. Almost seems like the file is restored from the backup version. But then we are using --no-sshd option.
I think we'll need to see /var/log/ipaclient-install.log.
So to be clear, you:
- start with no client installed
- sshd is configured for port other than 22 (and other things)
- run ipa-client-install --no-sshd
- sshd now is configured with Port 22
- ipa-client-install --uninstall restores the pre-install sshd.conf so
things are back to "normal"
Does that match what you're seeing?
I'll note that IPA does not purposely change the port at all, whether sshd is configured or not.
rob
On Wednesday, February 26, 2020, 05:47:34 PM EST, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
pgb205 via FreeIPA-users wrote:
- Happens on RHEL/Centos only(other distros are not affected)
- Happens only during the first attempted install of ipa-client
package. If we try to reinstall the sshd.conf is not modified. 3. We tried with --no-sshd flag to prevent sshd configuration as suggested in the following ticket [Freeipa-devel] [PATCH] 85 Add --no-ssh option to ipa-client-install to
https://www.redhat.com/archives/freeipa-devel/2012-September/msg00213.html
We no longer get an messages in /var/log/ipaclientinstall.log about sshd.conf being backed up, BUT the file still gets changed.
What version of IPA?
How is it changed?
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
mailto:freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org mailto:freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org