Ben, SRU template is in. I think this is all I can do until the debdiff is uploaded to the archive, correct?
** Description changed: + [Impact] + + * Provisioning with the latest walinuxagent will break sshd_config, + barring sshd from starting. With ssh access often the only means of + access for cloud instances, this is extremely disruptive. + + * A backport of this fix is necessary to retain ssh access after re- + provisioning an instance hosted on Azure. + + * The current waagent command assumes that sshd_config is terminated + with a newline when it appends a config option to the file. There is no + newline and thus this new configuration option is appended to a current + option rendering the config file invalid. The fix is to insert a + newline prior to appending to the config file. + + [Test Case] + + Steps to reproduce + * Become familiar with the last line of sshd_config, `tail /etc/ssh/sshd_config` + It will contain "UsePAM yes" and have new newline at the of the file. + * Install walinuxagent with `apt-get install walinuxagent` + * Force re-provisioning by running `waagent -setup` + * Check the config file with `tail /etc/ssh/sshd_config`. It will now contain: + "UsePAM yesClientAliveInterval 180" + * Confirm that the SSH daemon will fail to start. Test by running `/usr/sbin/sshd`. Expected error output is: + "/etc/ssh/sshd_config line 88: Bad yes/no argument: yesClientAliveInterval" + At this point, rebooting the OS will result in loss of SSH access. + * Edit /etc/ssh/sshd_config to insert a carriage return after "UsePAM yes" and place "ClientAliveInterval 180" on its own line. + * Verify that ssh can start again `/usr/sbin/sshd` + + [Regression Potential] + + * Regression risk is extremely low, I can't think of a negative impact + of adding an extra newline to the end of the file before appending + content. + + [Other Info] + + * Tested in 14.04 and 13.10, PPA builds can be found at ppa:~rcj/testing for thos packages. + * Repeated re-provisioning will add new newline characters, which will add whitespace prior to the new config option. This whitespace will grow by one line with each re-provisioning; but this is a rare operation. Given the code structure it was far safer to address this by unconditionally adding the newline rather than adding complexity to check that it was absolutely needed. + + + [ Original Description Follows ] + After installing the latest walinuxagent package on Ubuntu 13.10 I see that we end up with a broken configuration in /etc/ssh/sshd_config. The last line in that file looks like the following: - UsePAM yesClientAliveInterval 180 + UsePAM yesClientAliveInterval 180 This is the result of the agent package re-running "waagent -setup," which wants to append the "ClientAliveInterval 180" parameter to /etc/ssh/sshd_config to avoid timeouts with the Azure load balancer (which has a 4 minute timeout). But currently waagent assumes there is a "\n" at the end of this file. We could fix this bug in the agent to always add "\n" to the front of this parameter (maybe a good idea) or there may be another way to fix this. ** Changed in: walinuxagent (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to walinuxagent in Ubuntu. https://bugs.launchpad.net/bugs/1305418 Title: walinuxagent breaks sshd configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1305418/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
