Re: Linux base image creation
Thanks Andy! The changes you suggested actually worked for Ubuntu images. I could configure the two ssh daemons to running state.

On Mon, May 17, 2010 at 2:09 PM, Andy Kurth andy_ku...@ncsu.edu wrote:

> Hello,
> I realize I worded the last message poorly. I meant to run ps to list the sshd processes so you could see the command that was used to start them. This would tell you whether or not the -f option was being used when ext_ssh was started.
>
> The problems you are seeing are mainly with the ext_ssh file. The instructions were written for Redhat and need to be reworked for Ubuntu because its service startup scripts have a different structure.
>
> I took a look at an Ubuntu installation. There is no OPTIONS variable in /etc/init.d/ssh so the OPTIONS= line you added has no effect. Instead, it uses a SSHD_OPTS variable. Find the init-functions line and add the following line after it:
>
>     SSHD_OPTS="-f /etc/ssh/external_sshd_config"
>
> Change all sshd.pid strings to ext_sshd.pid. The following sed command should work:
>
>     sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh
>
> I have attached a script I used to configure sshd on my Ubuntu test image. It's pretty raw but it works for me. Please reply if you have any problems with it. I'll update the documentation with this script if it's working properly.
>
> Hope this helps,
> Andy
>
> Kiran N wrote:
>
>> Thanks Andy for the response!
>>
>> After stopping all the SSH services, I restarted the external ssh by the command /etc/init.d/ext_ssh start and as you said, ext_ssh is listening on the private IP address. I am attaching the ssh, ext_ssh and external_ssh_config files.
>>
>> Also the output for command used to start the external sshd process: ps -ef | grep sshd is not as you said.
>>
>> Hope this helps to figure out the problem!

--
Thanks,
Kiran
Re: Linux base image creation
Hello,
I realize I worded the last message poorly. I meant to run ps to list the sshd processes so you could see the command that was used to start them. This would tell you whether or not the -f option was being used when ext_ssh was started.

The problems you are seeing are mainly with the ext_ssh file. The instructions were written for Redhat and need to be reworked for Ubuntu because its service startup scripts have a different structure.

I took a look at an Ubuntu installation. There is no OPTIONS variable in /etc/init.d/ssh so the OPTIONS= line you added has no effect. Instead, it uses a SSHD_OPTS variable. Find the init-functions line and add the following line after it:

    SSHD_OPTS="-f /etc/ssh/external_sshd_config"

Change all sshd.pid strings to ext_sshd.pid. The following sed command should work:

    sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh

I have attached a script I used to configure sshd on my Ubuntu test image. It's pretty raw but it works for me. Please reply if you have any problems with it. I'll update the documentation with this script if it's working properly.

Hope this helps,
Andy

Kiran N wrote:

> Thanks Andy for the response!
>
> After stopping all the SSH services, I restarted the external ssh by the command /etc/init.d/ext_ssh start and as you said, ext_ssh is listening on the private IP address. I am attaching the ssh, ext_ssh and external_ssh_config files.
>
> Also the output for command used to start the external sshd process: ps -ef | grep sshd is not as you said.
>
> Hope this helps to figure out the problem!
#!/bin/bash

# set_config <config_file> <keyword> <value>
# Sets "keyword value" in config_file; a value of '#' comments the keyword out.
function set_config {
    if [ $# -ne 3 ]
    then
        echo "usage: set_config [config_file] [keyword] [value]"
        exit 1
    fi

    config_file=$1
    keyword=$2
    value=$3

    if [ "$value" == '#' ]
    then
        #echo "Commenting $keyword lines in $config_file"
        sed -i -r -e "s/^[ #]*($keyword .*)/#\1/" $config_file
    else
        if [ `grep -i -r -c "^[ #]*$keyword" $config_file` == '0' ]
        then
            #echo "Adding $keyword value to $config_file"
            echo "$keyword $value" >> $config_file
        else
            # Escape slashes so the value can be used in the sed replacement
            escaped_value=$(echo $value | sed -e 's/\//\\\//g')
            #echo "Setting $keyword to $value in $config_file"
            sed -i -r -e "s/^[ #]*($keyword).*/\1 $escaped_value/" $config_file
        fi
    fi

    #grep -i -r "^[ #]*$keyword" $config_file
    return 0
}

clear

# Keep a copy of the distribution's sshd_config before editing it
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG

set_config '/etc/ssh/sshd_config' 'StrictModes' 'no'
set_config '/etc/ssh/sshd_config' 'X11Forwarding' 'yes'
set_config '/etc/ssh/sshd_config' 'KeyRegenerationInterval' '0'
set_config '/etc/ssh/sshd_config' 'MaxStartups' '#'

# The external daemon starts from the same settings but uses its own PID file
cp /etc/ssh/sshd_config /etc/ssh/external_sshd_config
set_config '/etc/ssh/external_sshd_config' 'PidFile' '/var/run/ext_sshd.pid'

# Remove any existing AllowUsers and ListenAddress lines from both files
sed -i -r -e "s/^[ #]*AllowUsers.*//g" /etc/ssh/sshd_config
sed -i -r -e "s/^[ #]*AllowUsers.*//g" /etc/ssh/external_sshd_config
sed -i -r -e "s/^[ #]*ListenAddress.*//g" /etc/ssh/sshd_config
sed -i -r -e "s/^[ #]*ListenAddress.*//g" /etc/ssh/external_sshd_config

IP0=$(ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | awk -F: '{print $2}')
IP1=$(ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | awk -F: '{print $2}')

echo "IP eth0: $IP0"
echo "IP eth1: $IP1"

# sshd_config: root only, bound to eth0; external_sshd_config: bound to eth1
echo "AllowUsers root" >> /etc/ssh/sshd_config
echo "ListenAddress $IP0" >> /etc/ssh/sshd_config
echo "ListenAddress $IP1" >> /etc/ssh/external_sshd_config

# Build the ext_ssh init script from Ubuntu's ssh init script
cp /etc/init.d/ssh /etc/init.d/ext_ssh
sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh
sed -i -r -e "s/\"sshd\"/\"ext_sshd\"/g" /etc/init.d/ext_ssh
sed -i -r -e "s/(.*init-functions)/\1\n\nSSHD_OPTS=\"-f \/etc\/ssh\/external_sshd_config\"/" /etc/init.d/ext_ssh

echo
echo "Stopping sshd services..."
service ssh stop
sleep 2
service ext_ssh stop
sleep 2

rm -f /var/run/*sshd*pid

echo
echo "Starting sshd services..."
service ssh start
sleep 2
service ext_ssh start

echo
echo "sshd processes:"
pgrep -fl "sbin.sshd"

echo
echo "sshd.pid: `cat /var/run/sshd.pid`"
echo "ext_sshd.pid: `cat /var/run/ext_sshd.pid`"
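One way to catch the problem described in this message, an OPTIONS= line that the Ubuntu init script never reads, before starting the service. This is an added example, not code from the thread: `unused_assignments` is a hypothetical helper, and the two init-script excerpts are constructed, modelled on the ext_ssh file posted in this thread and on the suggested fix.

```shell
#!/bin/sh
# Init-script excerpts below are constructed for illustration.

# Read a shell script on stdin and print every variable that is assigned
# with NAME=value at the start of a line but never expanded as $NAME or
# ${NAME}. Lines starting with "export" are not matched, so exported
# variables (which child processes may read) are not reported.
unused_assignments() {
    script=$(cat)
    printf '%s\n' "$script" |
        sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u |
        while read -r name; do
            printf '%s\n' "$script" |
                grep -Eq "\\\$\{?$name([^A-Za-z0-9_]|\$)" || echo "$name"
        done
}

# Redhat-style edit applied to the Ubuntu script: OPTIONS is set, never read.
BROKEN_INIT=$(cat <<'EOF'
OPTIONS='-f /etc/ssh/external_sshd_config'
PID_FILE=/var/run/ext_sshd.pid
. /lib/lsb/init-functions
if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi
start-stop-daemon --start --quiet --oknodo --pidfile /var/run/ext_ssh.pid --exec /usr/sbin/ext_ssh -- $SSHD_OPTS
EOF
)

# Edit suggested in the thread: set SSHD_OPTS after the init-functions line.
FIXED_INIT=$(cat <<'EOF'
. /lib/lsb/init-functions
SSHD_OPTS="-f /etc/ssh/external_sshd_config"
if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi
start-stop-daemon --start --quiet --oknodo --pidfile /var/run/ext_sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS
EOF
)

echo "broken: $(printf '%s\n' "$BROKEN_INIT" | unused_assignments | tr '\n' ' ')"
echo "fixed:  $(printf '%s\n' "$FIXED_INIT" | unused_assignments | tr '\n' ' ')"
```

On a real system the same check is `unused_assignments < /etc/init.d/ext_ssh`; a variable that appears only in its own assignment line still counts as used.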
Re: Linux base image creation
Assuming you have a way to access the console without SSH, try stopping all sshd processes and then start ext_sshd. Check which address it's listening on:

    netstat -l -n | grep ':22'

You should see something like:

    tcp 0 0 <IP address>:22 0.0.0.0:* LISTEN

If it's listening on the private address, then there's a problem with either the ext_sshd script or /etc/ssh/external_sshd_config. Please include the contents of these files.

If it's listening on the public address and you still can't connect, check the firewall.

Also check the command used to start the external sshd process:

    ps -ef | grep sshd

You should see something like:

    /usr/sbin/sshd -f /etc/ssh/external_sshd_config

Hope this helps,
Andy

Kiran N wrote:

> Hello All,
>
> I am trying to create an Ubuntu base image. I have followed the instructions as given in https://cwiki.apache.org/VCL/create-a-linux-base-image.html
>
> I am able to ssh on the private network (eth1) from my management node but I am unable to ssh on the public network (eth0). I start my ssh on public interface by /etc/init.d/ext_ssh start and it shows a message saying SSH started successfully but actually there is no ssh port which listens on public interface. Hence I am unable to ssh remotely.
>
> Are there any extra changes to be made for an Ubuntu base image?
>
> Any input will be helpful!
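The two checks from the message above (whether the external sshd was started with -f, and which address port 22 is bound to), as an added shell example that is not part of the original thread. The function names and verdict strings are hypothetical, and the sample ps and netstat output is constructed, with 10.0.0.5 standing in for the private address and 192.0.2.10 for the public one.

```shell
#!/bin/sh
# Sample ps/netstat output below is constructed for illustration.

# From `ps -ef` output on stdin, print "PID CONFIG" for each sshd daemon.
# Skips the grep itself and per-session "sshd: user@pts/N" children.
sshd_listeners() {
    awk '$8 ~ /\/sshd$/ {
        cfg = "/etc/ssh/sshd_config"          # default when -f is absent
        for (i = 9; i < NF; i++) if ($i == "-f") cfg = $(i + 1)
        print $2, cfg
    }'
}

# From `netstat -l -n` output on stdin, print addresses listening on port 22.
port22_addrs() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /:22$/ {
        sub(/:22$/, "", $4); print $4
    }'
}

# diagnose PS_OUTPUT NETSTAT_OUTPUT PUBLIC_IP EXT_CONFIG (hypothetical helper)
diagnose() {
    if ! printf '%s\n' "$1" | sshd_listeners |
            awk -v c="$4" '$2 == c { found = 1 } END { exit !found }'; then
        echo "no-f-option"             # external sshd not started with -f
    elif printf '%s\n' "$2" | port22_addrs | grep -qxF -e "$3"; then
        echo "listening-public"        # daemon is fine, check the firewall
    else
        echo "listening-private-only"  # init script or external config problem
    fi
}

PS_BROKEN='root  1201     1  0 10:02 ?      00:00:00 /usr/sbin/sshd
root  1377  1201  0 10:05 ?      00:00:00 sshd: root@pts/0
root  1402  1380  0 10:06 pts/0  00:00:00 grep sshd'
PS_FIXED='root  1201     1  0 10:02 ?      00:00:00 /usr/sbin/sshd
root  1230     1  0 10:02 ?      00:00:00 /usr/sbin/sshd -f /etc/ssh/external_sshd_config'
NET_PRIVATE='tcp  0  0 10.0.0.5:22    0.0.0.0:*  LISTEN'
NET_BOTH='tcp  0  0 10.0.0.5:22    0.0.0.0:*  LISTEN
tcp  0  0 192.0.2.10:22  0.0.0.0:*  LISTEN'
EXT=/etc/ssh/external_sshd_config

diagnose "$PS_BROKEN" "$NET_PRIVATE" 192.0.2.10 "$EXT"
diagnose "$PS_FIXED"  "$NET_PRIVATE" 192.0.2.10 "$EXT"
diagnose "$PS_FIXED"  "$NET_BOTH"    192.0.2.10 "$EXT"
```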
Re: Linux base image creation
Thanks Andy for the response!

After stopping all the SSH services, I restarted the external ssh by the command /etc/init.d/ext_ssh start and as you said, ext_ssh is listening on the private IP address. I am attaching the ssh, ext_ssh and external_ssh_config files.

Also the output for command used to start the external sshd process: ps -ef | grep sshd is not as you said.

Hope this helps to figure out the problem!

On Fri, May 14, 2010 at 11:22 AM, Andy Kurth andy_ku...@ncsu.edu wrote:

> Assuming you have a way to access the console without SSH, try stopping all sshd processes and then start ext_sshd. Check which address it's listening on:
>
>     netstat -l -n | grep ':22'
>
> You should see something like:
>
>     tcp 0 0 <IP address>:22 0.0.0.0:* LISTEN
>
> If it's listening on the private address, then there's a problem with either the ext_sshd script or /etc/ssh/external_sshd_config. Please include the contents of these files.
>
> If it's listening on the public address and you still can't connect, check the firewall.
>
> Also check the command used to start the external sshd process:
>
>     ps -ef | grep sshd
>
> You should see something like:
>
>     /usr/sbin/sshd -f /etc/ssh/external_sshd_config
>
> Hope this helps,
> Andy
>
> Kiran N wrote:
>
>> Hello All,
>>
>> I am trying to create an Ubuntu base image. I have followed the instructions as given in https://cwiki.apache.org/VCL/create-a-linux-base-image.html
>>
>> I am able to ssh on the private network (eth1) from my management node but I am unable to ssh on the public network (eth0). I start my ssh on public interface by /etc/init.d/ext_ssh start and it shows a message saying SSH started successfully but actually there is no ssh port which listens on public interface. Hence I am unable to ssh remotely.
>>
>> Are there any extra changes to be made for an Ubuntu base image?
>>
>> Any input will be helpful!

--
Thanks,
Kiran

#! /bin/sh

### BEGIN INIT INFO
# Provides:          ext_ssh
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      1
# Short-Description: OpenBSD Secure Shell server
### END INIT INFO

set -e

OPTIONS='-f /etc/ssh/external_sshd_config'
PID_FILE=/var/run/ext_sshd.pid

# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon

test -x /usr/sbin/ext_ssh || exit 0
( /usr/sbin/ext_ssh -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0

export SSHD_OOM_ADJUST=-17
if test -f /etc/default/ext_ssh; then
    . /etc/default/ext_ssh
fi

# Are we in a virtual environment that doesn't support modifying
# /proc/self/oom_adj?
if grep -q 'envID:.*[1-9]' /proc/self/status; then
    unset SSHD_OOM_ADJUST
fi

. /lib/lsb/init-functions

if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi

# Are we running from init?
run_by_init() {
    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}

check_for_no_start() {
    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
    if [ -e /etc/ssh/sshd_not_to_be_run ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 0
        fi
        if ! run_by_init; then
            log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
        fi
        exit 0
    fi
}

check_dev_null() {
    if [ ! -c /dev/null ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 1 || true
        fi
        if ! run_by_init; then
            log_action_msg "/dev/null is not a character device!"
        fi
        exit 1
    fi
}

check_privsep_dir() {
    # Create the PrivSep empty dir if necessary
    if [ ! -d /var/run/ext_ssh ]; then
        mkdir /var/run/ext_ssh
        chmod 0755 /var/run/ext_ssh
    fi
}

check_config() {
    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
        /usr/sbin/ext_ssh -t || exit 1
    fi
}

export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

case "$1" in
  start)
    check_privsep_dir
    check_for_no_start
    check_dev_null
    log_daemon_msg "Starting OpenBSD Secure Shell server" "ext_ssh"
    if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/ext_ssh.pid --exec /usr/sbin/ext_ssh -- $SSHD_OPTS; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
  stop)
    log_daemon_msg "Stopping OpenBSD Secure Shell server" "ext_ssh"
    if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/ext_ssh.pid; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
  reload|force-reload)
    check_for_no_start
    check_config
    log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "ext_ssh"
    if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/ext_ssh.pid --exec /usr/sbin/ext_ssh; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
  restart)
    check_privsep_dir
    check_config
    log_daemon_msg "Restarting OpenBSD