Our instances are in Amazon cloud and we use FreeNX with Centos5 for running legacy software and upgrade is not an option. The version of sshd that ships with Centos5 does not support multiple options for *AuthorizedKeysFile* (newer versions of sshd do), so something like "*AuthorizedKeysFile %h/.ssh/authorized_keys **%h/.ssh/authorized_keys2*" will not work on Centos5 but it seems that "*.ssh/authorized_keys **.ssh/authorized_keys2*" this is the default. So the only way to make FreeNX work is to comment out all occurrences of *AuthorizedKeysFile* line entirely and this is where scalarizr agent steps in to cause problems. So, I think your suggestion to only set this parameter on clouds that require it is the only sensible way to do it.
Essentially as of now we cannot use FreeNX with any instances started by Scalr and there is no workaround. This is a major roadblock for my client as they intend to abandon RightScale by the end of this year and Scalr is a plausible candidate. So, please consider addressing this issue in your future releases. Regards, Dmitri On Tuesday, September 1, 2015 at 4:20:02 AM UTC-4, Marat Komarov wrote: > > Hi, > > This configuration is applied on Scalarizr startup, so upgrade or just > service restart will override your settings. > > What cloud platform are you running? This setting is required only by > OpenStack/CloudStack but currently applied everywhere, and we'll tweak this > in nearest update. > > Regards, > Marat > > On Monday, August 24, 2015 at 11:24:50 PM UTC+3, Dmitri Toubelis wrote: >> >> Hi, >> >> I was battling a problem that only occurs with instances instantiated by >> Scalr and finally i figured it out. I noticed that Scalarizr agent add the >> following lines to `/etc/ssh/sshd_config file`: >> >> ... >> PubkeyAuthentication yes >> RSAAuthentication yes >> *AuthorizedKeysFile %h/.ssh/authorized_keys* >> >> The last line is what causes the problem. The default value for >> `AuthorizedKeysFile ` is “.ssh/authorized_keys .ssh/authorized_keys2” >> according to sshd documentation so the new value disables >> ".ssh/authorized_keys2" part and it causes problems with some apps (freenx >> in particular). >> >> I can obviously overwrite configuration by a script to fix this problem >> but I wonder if Scalarizr require this particular configuration for some >> reasons. Also, I have a suspicion that Scalarizr may restore this >> configuration on upgrade, I will not be able to capture this event and it >> will break the system. >> >> So, my question is what would be the best way to address this issue? >> >> Thanks. >> >> >> -- You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
