Re: Linux base image creation

2010-05-20 Thread Kiran N
Thanks Andy!
The changes you suggested actually worked for Ubuntu images. I could
configure the two ssh daemons to running state.



On Mon, May 17, 2010 at 2:09 PM, Andy Kurth andy_ku...@ncsu.edu wrote:

 Hello,
 I realize I worded the last message poorly.  I meant to run ps to list the
 sshd processes so you could see the command that was used to start them.
  This would tell you whether or not the -f option was being used when
 ext_ssh was started.  The problems you are seeing are mainly with the
 ext_ssh file.  The instructions were written for Redhat and need to be
 reworked for Ubuntu because its service startup scripts have a different
 structure.

 I took a look at an Ubuntu installation.  There is no OPTIONS variable in
 /etc/init.d/ssh so the OPTIONS= line you added has no effect.  Instead, it
 uses a SSHD_OPTS variable.  Find the init-functions line and add the
 following line after it:

 SSHD_OPTS="-f /etc/ssh/external_sshd_config"

 Change all sshd.pid strings to ext_sshd.pid.  The following sed command
 should work:
 sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh

 I have attached a script I used to configure sshd on my Ubuntu test image.
  It's pretty raw but it works for me.  Please reply if you have any problems
 with it.  I'll update the documentation with this script if it's working
 properly.


 Hope this helps,
 Andy

 Kiran N wrote:

 Thanks Andy for the response!

 After stopping all the SSH services, I restarted the external ssh by the
 command
 /etc/init.d/ext_ssh start
 and as you said, ext_ssh is listening on the private IP address.
 I am attaching the ssh, ext_ssh and external_ssh_config files.
 Also the output for command used to start the external sshd process:
 ps -ef | grep sshd
 is not as you said.

 Hope this helps to figure out the problem!




-- 
Thanks,
Kiran


Re: Linux base image creation

2010-05-17 Thread Andy Kurth

Hello,
I realize I worded the last message poorly.  I meant to run ps to list the sshd 
processes so you could see the command that was used to start them.  This would 
tell you whether or not the -f option was being used when ext_ssh was started. 
 The problems you are seeing are mainly with the ext_ssh file.  The 
instructions were written for Redhat and need to be reworked for Ubuntu because 
its service startup scripts have a different structure.


I took a look at an Ubuntu installation.  There is no OPTIONS variable in 
/etc/init.d/ssh so the OPTIONS= line you added has no effect.  Instead, it 
uses a SSHD_OPTS variable.  Find the init-functions line and add the following 
line after it:


SSHD_OPTS="-f /etc/ssh/external_sshd_config"

Change all sshd.pid strings to ext_sshd.pid.  The following sed command 
should work:

sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh

I have attached a script I used to configure sshd on my Ubuntu test image.  It's 
pretty raw but it works for me.  Please reply if you have any problems with it. 
 I'll update the documentation with this script if it's working properly.


Hope this helps,
Andy

Kiran N wrote:

Thanks Andy for the response!

After stopping all the SSH services, I restarted the external ssh by the
command
/etc/init.d/ext_ssh start
and as you said, ext_ssh is listening on the private IP address.
I am attaching the ssh, ext_ssh and external_ssh_config files.
Also the output for command used to start the external sshd process:
ps -ef | grep sshd
is not as you said.

Hope this helps to figure out the problem!

#!/bin/bash

# Set, add or comment out a keyword in an sshd_config-style file.
# A value of '#' comments out every line that sets the keyword.
function set_config {
	if [ $# -ne 3 ]
	then
		echo "usage: set_config [config_file] [keyword] [value]"
		exit 1
	fi

	config_file=$1
	keyword=$2
	value=$3

	if [ "$value" == '#' ]
	then
		#echo "Commenting $keyword lines in $config_file"
		sed -i -r -e "s/^[ #]*($keyword .*)/#\1/" $config_file
	else
		if [ `grep -i -r -c "^[ #]*$keyword " $config_file` == '0' ]
		then
			#echo "Adding $keyword value to $config_file"
			echo "$keyword $value" >> $config_file
		else
			# Escape slashes so the value can be used inside s/.../.../
			escaped_value=$(echo $value | sed -e 's/\//\\\//g')
			#echo "Setting $keyword to $value in $config_file"
			sed -i -r -e "s/^[ #]*($keyword).*/\1 $escaped_value/" $config_file
		fi
	fi

	#grep -i -r "^[ #]*$keyword" $config_file

	return 0
}

clear
# Keep a copy of the distribution's sshd_config before editing it
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG

set_config '/etc/ssh/sshd_config' 'StrictModes' 'no'
set_config '/etc/ssh/sshd_config' 'X11Forwarding' 'yes'
set_config '/etc/ssh/sshd_config' 'KeyRegenerationInterval' '0'
set_config '/etc/ssh/sshd_config' 'MaxStartups' '#'

# The external daemon starts from the same settings but gets its own PID file
cp /etc/ssh/sshd_config /etc/ssh/external_sshd_config

set_config '/etc/ssh/external_sshd_config' 'PidFile' '/var/run/ext_sshd.pid'

# Remove any existing AllowUsers and ListenAddress lines from both files
sed -i -r -e "s/^[ #]*AllowUsers.*//g" /etc/ssh/sshd_config
sed -i -r -e "s/^[ #]*AllowUsers.*//g" /etc/ssh/external_sshd_config

sed -i -r -e "s/^[ #]*ListenAddress.*//g" /etc/ssh/sshd_config
sed -i -r -e "s/^[ #]*ListenAddress.*//g" /etc/ssh/external_sshd_config

IP0=$(ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | awk -F: '{print $2}')
IP1=$(ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | awk -F: '{print $2}')
echo "IP eth0: $IP0"
echo "IP eth1: $IP1"

echo "AllowUsers root" >> /etc/ssh/sshd_config

# Bind each daemon to the address of one interface
echo "ListenAddress $IP0" >> /etc/ssh/sshd_config
echo "ListenAddress $IP1" >> /etc/ssh/external_sshd_config

# Derive the ext_ssh init script from the stock one: separate PID file,
# separate service name in log messages, and SSHD_OPTS pointing at the
# external config
cp /etc/init.d/ssh /etc/init.d/ext_ssh
sed -i -r -e "s/(ext_)?sshd\.pid/ext_sshd.pid/g" /etc/init.d/ext_ssh
sed -i -r -e "s/\"sshd\"/\"ext_sshd\"/g" /etc/init.d/ext_ssh
sed -i -r -e "s/(.*init-functions)/\1\n\nSSHD_OPTS=\"-f \/etc\/ssh\/external_sshd_config\"/" /etc/init.d/ext_ssh

echo
echo "Stopping sshd services..."
service ssh stop
sleep 2
service ext_ssh stop
sleep 2

rm -f /var/run/*sshd*pid

echo
echo "Starting sshd services..."
service ssh start
sleep 2
service ext_ssh start

echo
echo "sshd processes:"
pgrep -fl sbin.sshd
echo
echo "sshd.pid: `cat /var/run/sshd.pid`"
echo "ext_sshd.pid: `cat /var/run/ext_sshd.pid`"
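
An added example, not part of the attached script or of the VCL project: a static check that two sshd configuration files describe daemons that can run side by side, which is what the script above sets up with a separate PidFile and ListenAddress. The file contents and the addresses 10.0.0.10 and 192.0.2.10 are constructed, and both daemons are assumed to use port 22.

```sh
#!/bin/sh
# Added example: compare two sshd_config files for PidFile and ListenAddress clashes.

# effective_value FILE KEYWORD: sshd uses the first value it reads for a keyword;
# keywords are case-insensitive and commented lines do not count.
effective_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# listen_addresses FILE: every ListenAddress value (the keyword may repeat).
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1" | sort -u
}

# check_pair INTERNAL EXTERNAL: prints "ok" or a space-separated list of problems.
check_pair() {
    problems=""
    pid_a=$(effective_value "$1" PidFile); pid_b=$(effective_value "$2" PidFile)
    [ -n "$pid_a" ] || pid_a=/var/run/sshd.pid   # documented sshd default
    [ -n "$pid_b" ] || pid_b=/var/run/sshd.pid
    [ "$pid_a" != "$pid_b" ] || problems="$problems same-pidfile"
    la=$(listen_addresses "$1"); lb=$(listen_addresses "$2")
    [ -n "$la" ] || problems="$problems internal-listens-everywhere"
    [ -n "$lb" ] || problems="$problems external-listens-everywhere"
    shared=$(printf '%s\n%s\n' "$la" "$lb" | sort | uniq -d)
    [ -z "$shared" ] || problems="$problems shared-address"
    echo "${problems:-ok}" | sed 's/^ //'
}

# Constructed sample files: ext_copy is the external config as a plain copy,
# ext_fixed is the same file after PidFile and ListenAddress were changed.
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#ListenAddress 0.0.0.0' 'ListenAddress 10.0.0.10' \
    'AllowUsers root' > "$demo/sshd_config"
printf '%s\n' 'Port 22' 'ListenAddress 10.0.0.10' > "$demo/ext_copy"
printf '%s\n' 'Port 22' 'pidfile /var/run/ext_sshd.pid' \
    'ListenAddress 192.0.2.10' > "$demo/ext_fixed"

check_pair "$demo/sshd_config" "$demo/ext_copy"
check_pair "$demo/sshd_config" "$demo/ext_fixed"
```

On a real image the two arguments would be /etc/ssh/sshd_config and /etc/ssh/external_sshd_config.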


Re: Linux base image creation

2010-05-14 Thread Andy Kurth
Assuming you have a way to access the console without SSH, try stopping all sshd 
processes and then start ext_sshd.  Check which address it's listening on:

netstat -l -n | grep ':22'

You should see something like:
tcp   0   0   <IP address>:22   0.0.0.0:*   LISTEN

If it's listening on the private address, then there's a problem with either the 
ext_sshd script or /etc/ssh/external_sshd_config.  Please include the contents 
of these files.


If it's listening on the public address and you still can't connect, check the 
firewall.


Also check the command used to start the external sshd process:
ps -ef | grep sshd

You should see something like:
/usr/sbin/sshd -f /etc/ssh/external_sshd_config

Hope this helps,
Andy

Kiran N wrote:

Hello All,
I am trying to create an Ubuntu base image. I have followed the instructions
as given in
https://cwiki.apache.org/VCL/create-a-linux-base-image.html
I am able to ssh on the private network(eth1) from my management node but I
am unable to ssh on the public network(eth0).
I start my ssh on public interface by /etc/init.d/ext_ssh start and it shows
a message saying SSH started successfully but actually there is no ssh port
which listens on public interface. Hence I am unable to ssh remotely.
Are there any extra changes to be made for an ubuntu base image? Any input
will be helpful!
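
An added example, not part of the original messages: the two checks Andy describes (which config file each sshd was started with, and which address port 22 is bound to) applied to captured `ps -ef` and `netstat -l -n` output. The sample output, the addresses 10.0.0.10 and 192.0.2.10, and the function names are constructed; /etc/ssh/sshd_config is assumed to be the default sshd reads when -f is absent.

```sh
#!/bin/sh
# Added example: interpret ps and netstat output for the two-daemon setup.
EXT_CONFIG=/etc/ssh/external_sshd_config   # path used in the thread
DEFAULT_CONFIG=/etc/ssh/sshd_config        # assumed default when -f is absent

# stdin: ps -ef output. stdout: "PID CONFIG" for each sshd daemon process.
# Session children ("sshd: root@pts/0") and the grep itself are skipped
# because their command field is not a path ending in sshd.
sshd_configs() {
    awk -v def="$DEFAULT_CONFIG" '$8 == "sshd" || $8 ~ /\/sshd$/ {
        cfg = def
        for (i = 9; i < NF; i++) if ($i == "-f") cfg = $(i + 1)
        print $2, cfg
    }'
}

# stdin: netstat -l -n output. stdout: local addresses with a TCP listener on port 22.
listen_addrs_22() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /:22$/ { sub(/:22$/, "", $4); print $4 }'
}

# diagnose PS_OUTPUT NETSTAT_OUTPUT PUBLIC_ADDR: one-line verdict.
diagnose() {
    if ! printf '%s\n' "$1" | sshd_configs |
            awk -v c="$EXT_CONFIG" '$2 == c { f = 1 } END { exit !f }'; then
        echo "init-script: no sshd was started with -f $EXT_CONFIG"
    elif ! printf '%s\n' "$2" | listen_addrs_22 | grep -qxF -e "$3" -e 0.0.0.0; then
        echo "config: nothing listens on $3:22, check ListenAddress in $EXT_CONFIG"
    else
        echo "listening: $3:22 is bound, if connections still fail check the firewall"
    fi
}

# Constructed sample output.
PS_BROKEN='root       840     1  0 11:03 ?        00:00:00 /usr/sbin/sshd
root       950   902  0 11:06 pts/0    00:00:00 grep sshd'
PS_FIXED='root       812     1  0 11:02 ?        00:00:00 /usr/sbin/sshd
root       840     1  0 11:03 ?        00:00:00 /usr/sbin/sshd -f /etc/ssh/external_sshd_config
root       901   812  0 11:05 ?        00:00:00 sshd: root@pts/0'
NETSTAT_PRIVATE_ONLY='tcp        0      0 10.0.0.10:22            0.0.0.0:*               LISTEN'
NETSTAT_BOTH='tcp        0      0 10.0.0.10:22            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           0.0.0.0:*               LISTEN'

diagnose "$PS_BROKEN" "$NETSTAT_PRIVATE_ONLY" 192.0.2.10
diagnose "$PS_FIXED" "$NETSTAT_BOTH" 192.0.2.10
```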



Re: Linux base image creation

2010-05-14 Thread Kiran N
Thanks Andy for the response!

After stopping all the SSH services, I restarted the external ssh by the
command
/etc/init.d/ext_ssh start
and as you said, ext_ssh is listening on the private IP address.
I am attaching the ssh, ext_ssh and external_ssh_config files.
Also the output for command used to start the external sshd process:
ps -ef | grep sshd
is not as you said.

Hope this helps to figure out the problem!



On Fri, May 14, 2010 at 11:22 AM, Andy Kurth andy_ku...@ncsu.edu wrote:

 Assuming you have a way to access the console without SSH, try stopping all
 sshd processes and then start ext_sshd.  Check which address it's listening
 on:
 netstat -l -n | grep ':22'

 You should see something like:
 tcp   0   0   <IP address>:22   0.0.0.0:*   LISTEN

 If it's listening on the private address, then there's a problem with
 either the ext_sshd script or /etc/ssh/external_sshd_config.  Please include
 the contents of these files.

 If it's listening on the public address and you still can't connect, check
 the firewall.

 Also check the command used to start the external sshd process:
 ps -ef | grep sshd

 You should see something like:
 /usr/sbin/sshd -f /etc/ssh/external_sshd_config

 Hope this helps,
 Andy


 Kiran N wrote:

 Hello All,
 I am trying to create an Ubuntu base image. I have followed the
 instructions
 as given in
 https://cwiki.apache.org/VCL/create-a-linux-base-image.html
 I am able to ssh on the private network(eth1) from my management node but
 I
 am unable to ssh on the public network(eth0).
 I start my ssh on public interface by /etc/init.d/ext_ssh start and it
 shows
 a message saying SSH started successfully but actually there is no ssh
 port
 which listens on public interface. Hence I am unable to ssh remotely.
 Are there any extra changes to be made for an ubuntu base image? Any input
 will be helpful!




-- 
Thanks,
Kiran

#! /bin/sh

### BEGIN INIT INFO
# Provides:          ext_ssh
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      1
# Short-Description: OpenBSD Secure Shell server
### END INIT INFO

set -e
OPTIONS='-f /etc/ssh/external_sshd_config'
PID_FILE=/var/run/ext_sshd.pid


# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon

test -x /usr/sbin/ext_ssh || exit 0
( /usr/sbin/ext_ssh -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0

export SSHD_OOM_ADJUST=-17
if test -f /etc/default/ext_ssh; then
    . /etc/default/ext_ssh
fi

# Are we in a virtual environment that doesn't support modifying
# /proc/self/oom_adj?
if grep -q 'envID:.*[1-9]' /proc/self/status; then
    unset SSHD_OOM_ADJUST
fi

. /lib/lsb/init-functions



if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi

# Are we running from init?
run_by_init() {
    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}

check_for_no_start() {
    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
    if [ -e /etc/ssh/sshd_not_to_be_run ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 0
        fi
        if ! run_by_init; then
            log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
        fi
        exit 0
    fi
}

check_dev_null() {
    if [ ! -c /dev/null ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 1 || true
        fi
        if ! run_by_init; then
            log_action_msg "/dev/null is not a character device!"
        fi
        exit 1
    fi
}

check_privsep_dir() {
    # Create the PrivSep empty dir if necessary
    if [ ! -d /var/run/ext_ssh ]; then
        mkdir /var/run/ext_ssh
        chmod 0755 /var/run/ext_ssh
    fi
}

check_config() {
    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
        /usr/sbin/ext_ssh -t || exit 1
    fi
}

export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

case "$1" in
  start)
        check_privsep_dir
        check_for_no_start
        check_dev_null
        log_daemon_msg "Starting OpenBSD Secure Shell server" "ext_ssh"
        if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/ext_ssh.pid --exec /usr/sbin/ext_ssh -- $SSHD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
  stop)
        log_daemon_msg "Stopping OpenBSD Secure Shell server" "ext_ssh"
        if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/ext_ssh.pid; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  reload|force-reload)
        check_for_no_start
        check_config
        log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "ext_ssh"
        if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/ext_ssh.pid --exec /usr/sbin/ext_ssh; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  restart)
        check_privsep_dir
        check_config
        log_daemon_msg Restarting OpenBSD