[release-4.6] Bug 1901187: templates: Disable SSH keys lookup from authorized_keys.d on FCOS by openshift-cherrypick-robot · Pull Request #2245 · openshift/machine-config-operator

openshift-cherrypick-robot · 2020-11-19T21:15:41Z

This is an automated cherry-pick of #2087

/assign LorbusChris

On FCOS, this sshd config dropin ensures that only SSH keys from the `/home/core/.ssh/authorized_keys` file are picked up, and not ones present in the `/home/core/.ssh/authorized_keys.d/` directory, which might be written by Ignition and/or Afterburn. On RHCOS this is a no-op, as it already looks up SSH keys from the authorized_keys file only.

openshift-ci-robot · 2020-11-19T21:16:06Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: openshift-cherrypick-robot
To complete the pull request process, please assign sinnykumari after the PR has been reviewed.
You can assign the PR to them by writing /assign @sinnykumari in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-merge-robot · 2020-11-19T21:59:31Z

@openshift-cherrypick-robot: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-workers-rhel7	`3ee1b03`	link	`/test e2e-aws-workers-rhel7`
ci/prow/okd-e2e-gcp-op	`3ee1b03`	link	`/test okd-e2e-gcp-op`
ci/prow/okd-e2e-upgrade	`3ee1b03`	link	`/test okd-e2e-upgrade`
ci/prow/okd-e2e-aws	`3ee1b03`	link	`/test okd-e2e-aws`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

LorbusChris · 2020-11-24T16:48:20Z

/title Bug 1901187: [release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS

LorbusChris · 2020-11-24T16:49:40Z

/retitle Bug 1901187: [release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS

openshift-ci-robot · 2020-11-24T16:49:59Z

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1901187, which is invalid:

expected Bugzilla bug 1901187 to depend on a bug targeting a release in 4.7.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Bug 1901187: [release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

LorbusChris · 2020-11-25T14:02:57Z

/retitle [release-4.6] Bug 1901187: templates: Disable SSH keys lookup from authorized_keys.d on FCOS

LorbusChris · 2020-12-03T11:32:39Z

/hold

LorbusChris · 2020-12-04T01:09:56Z

/hold cancel

vrutkovs · 2021-01-21T10:56:55Z

/hold

This breaks ssh attempts on 4.6:

Jan 21 10:55:36 ip-10-0-137-119 sshd[130647]: error: AuthorizedKeysCommand path is not absolute
Jan 21 10:55:36 ip-10-0-137-119 sshd[130647]: Connection closed by authenticating user core 10.0.188.12 port 41306 [preauth]

openshift-bot · 2021-04-21T13:07:33Z

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

LorbusChris · 2021-04-28T10:57:26Z

/close

openshift-ci-robot · 2021-04-28T10:57:38Z

@LorbusChris: Closed this PR.

Details

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot · 2021-04-28T10:57:51Z

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1901187. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

Details

In response to this:

[release-4.6] Bug 1901187: templates: Disable SSH keys lookup from authorized_keys.d on FCOS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot assigned LorbusChris Nov 19, 2020

openshift-cherrypick-robot mentioned this pull request Nov 19, 2020

templates: Disable SSH keys lookup from authorized_keys.d on FCOS #2087

Merged

openshift-ci-robot requested review from ashcrow and runcom November 19, 2020 21:16

kikisdeliveryservice added the 4.6 Work targeted for 4.6 label Nov 19, 2020

openshift-ci-robot changed the title ~~[release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS~~ Bug 1901187: [release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS Nov 24, 2020

openshift-ci-robot added the bugzilla/severity-unspecified Referenced Bugzilla bug's severity is unspecified for the PR. label Nov 24, 2020

openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Nov 24, 2020

LorbusChris mentioned this pull request Nov 24, 2020

[Tracking] OKD 4.6 Stable okd-project/okd#348

Closed

6 tasks

openshift-ci-robot changed the title ~~Bug 1901187: [release-4.6] templates: Disable SSH keys lookup from authorized_keys.d on FCOS~~ [release-4.6] Bug 1901187: templates: Disable SSH keys lookup from authorized_keys.d on FCOS Nov 25, 2020

openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 3, 2020

openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 4, 2020

openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 21, 2021

openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 21, 2021

openshift-ci-robot closed this Apr 28, 2021

Conversation

openshift-cherrypick-robot commented Nov 19, 2020

Uh oh!

openshift-ci-robot commented Nov 19, 2020

Uh oh!

openshift-merge-robot commented Nov 19, 2020

Uh oh!

LorbusChris commented Nov 24, 2020

Uh oh!

LorbusChris commented Nov 24, 2020

Uh oh!

openshift-ci-robot commented Nov 24, 2020

Uh oh!

LorbusChris commented Nov 25, 2020

Uh oh!

LorbusChris commented Dec 3, 2020

Uh oh!

LorbusChris commented Dec 4, 2020

Uh oh!

vrutkovs commented Jan 21, 2021

Uh oh!

openshift-bot commented Apr 21, 2021

Uh oh!

LorbusChris commented Apr 28, 2021

Uh oh!

openshift-ci-robot commented Apr 28, 2021

Uh oh!

openshift-ci-robot commented Apr 28, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants