On 11/16/2011 11:50 PM, Wenyi Gao wrote:
> On 2011年11月16日 20:26, Lucas Meneghel Rodrigues wrote:
>> On 11/16/2011 07:20 AM, Wenyi Gao wrote:
>>>
>>> Currently, for ubuntu system, autotest.init will be used and start
>>> monitor_db_babysitter owned by user autotest,
>>> so when we use web front-end to create job, the autoserv also owned
>>> by user autotest runs ssh commands with default
>>> ssh user "root", known as "-l root", which causes the following
>>> permission problem on ubuntu.
>>>
>>> * Command:
>>> /usr/bin/ssh -a -x -o StrictHostKeyChecking=no -o
>>> UserKnownHostsFile=/tmp/tmpvUr_sL -o BatchMode=yes -o
>>> ConnectTimeout=60 -o
>>> ServerAliveInterval=300 -l root -p 22 172.16.3.130 " true"
>>> Exit status: 255
>>> Duration: 0.342299938202
>>>
>>> stderr:
>>> Permission denied (publickey,password).
>>>
>>>
>>> So the patch changes user from autotest to root when starting
>>> monitor_de_babysitter to keep consitent with ssh
>>> user "-l root".
>>
>> From the ssl man page
>>_make_ssh_cmd_default
>> -l login_name: Specifies the user to log in as on the remote machine.
>> This also may be specified on a per-host basis in the configuration file.
>>
>> This is not a problem with the autotest user on your machine. What
>> probably happens is you do not have ssh key properly setup.
>>
>> https://github.com/autotest/autotest/wiki/KVMAutotest-GetStartedServer
>>
>> Host Installation Steps
>> Setup password-less ssh connection from the server to this host
>> On the server, create a DSA key in the following way:
>>
>> ssh-keygen -t dsa
>> Then, still on the server, copy it to the host:
>>
>> ssh-copy-id [email protected]
>>
>> I'm rejecting this patch.
>>
>
> In fact, I have setup the ssh key and both user "autotest" and user
> "root" can ssh target host without password. I have done the following
> test:
>
> Test 1: root user run ssh
>
> root@wayne-ThinkPad-T420:/home/wayne# ssh [email protected]
> Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic x86_64)
>
> * Documentation: https://help.ubuntu.com/
>
> Last login: Thu Nov 17 09:24:07 2011 from wayne-thinkpad-t420.local
> root@ubuntu:~#
>
>
> Test 2: autotest user run ssh
>
> autotest@wayne-ThinkPad-T420:/home/wayne$ ssh [email protected]
> Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic x86_64)
>
> * Documentation: https://help.ubuntu.com/
>
> Last login: Thu Nov 17 09:28:11 2011 from wayne-thinkpad-t420.local
> autotest@ubuntu:~$
>
>
> Test 3: autotest user run ssh with "-l root"
>
> autotest@wayne-ThinkPad-T420:/home/wayne$ ssh -a -x 172.16.3.130 -l root
> "true"
> [email protected]'s password:
>
>
> The tests are done on Ubuntu 11.10 workstations. It is clear Test1 and
> Tes2 are okey, but Test 3 fails. However our autotest framework
> runs ssh as the same way to Test 3, which will fail. On the other side,
> if Test 3 is okey, there will be a security hole for ssh
> because a user can ssh a target host with another user's account without
> password.
Well, I've checked once again the man page just to confirm
"""
-l login_name
Specifies the user to log in as on the remote machine.
This also may be specified on a per-host basis in the configuration file.
"""
"To log in as on the remote machine". This is the equivalent to using
root@ip.
This works perfectly under Fedora, no need to run the scheduler as root
whatsoever, and there are no keys from the root user on our test
machines. I've looked the init script code and there's nothing obviously
wrong there. I need to set up an environment with Ubuntu VMs to see what
the heck is going on here.
_______________________________________________
Autotest mailing list
[email protected]
http://test.kernel.org/cgi-bin/mailman/listinfo/autotest
