ssh host keys missing in Cumulus VX image


I'm trying to spin up some Cumulus VX instances under RHEL7.2 using virsh/virt-install, and while I can get them to start up I am unable to SSH into them. After some inspection on the console, it appears the ssh host keys aren't being generated. If I manually generate them myself using ssh-keygen and restart sshd, then I can ssh in. I'm using the 2.5.5 KVM image, FWIW.

Is there something I've done in how these were spun up that was incorrect, or are the keys really not supposed to be generated by default?

11 replies

I don't have answer for you, but I tried same thing on ubuntu/virsh/virt-install, login work fine.
( my ztp scrpit reboot the box at the end, not sure if that made some difference thought )

Yeah, rebooting does not help in my instance at least. Unfortunately something about this image also precludes me from automating this via virt-customize, which would have been a fair workaround if it actually worked.
Keys are generated during firstboot by /etc/init.d/clinit.

On a firstboot where ssh doesn't work, does ls /etc/ssh/*key list any files?
No, there are no host key files.
If I try to run /etc/init.d/clinit manually, I get:

Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/Debconf/Format/822.pm line 65, <$__ANONIO__> line 1.
Use of uninitialized value $item in hash element at /usr/share/perl5/Debconf/DbDriver/File.pm line 85, <$__ANONIO__> chunk 1.
dpkg-query: error: parsing file '/var/lib/dpkg/status' near line 0:
EOF after field name ''
dpkg-query: error: parsing file '/var/lib/dpkg/status' near line 0:
EOF after field name ''
/usr/sbin/dpkg-reconfigure: openssh-server is not installed

Looks like unexpected content in /var/lib/dpkg/status, which is very strange. Able to reply with the following?

# what version of VX?

cat /etc/lsb-release

# what would a human read from the first couple lines of dpkg status file (should be plain text list of package metadata)?

head /var/lib/dpkg/status

# what does the computer see from the first couple lines in the dpkg status file? will compare with a vx image here and look for unexpected chars.

hd /var/lib/dpkg/status |head -n20
root@spine1:~# cat /etc/lsb-release
DISTRIB_ID="Cumulus Linux"
DISTRIB_RELEASE=2.5.5
DISTRIB_DESCRIPTION=2.5.5-177c6a9-201512151504-naveed
root@spine1:~# head /var/lib/dpkg/status

root@spine1:~# hd /var/lib/dpkg/status |head -n20
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0005cb98

The dpkg status database is empty. Very strange. Have an md5sum of the original downloaded qcow image? Would like to make sure it matches what I'm using.

md5sum CumulusVX-2.5.5-cc665123486ac43d.qcow2
e0cad2491d47f859828703a0b50cf633 CumulusVX-2.5.5-cc665123486ac43d.qcow2

size info (bytes)
-rw-r--r-- 1 trapier trapier 1092550656 Feb 9 21:46 CumulusVX-2.5.5-cc665123486ac43d.qcow2

Ah, that's definitely the problem. My file is both smaller and (obviously) a different md5. Let me grab the file again and see what I get, but that's certainly the issue. Strange that it otherwise seems to work just fine, though.
Opened a request with the website operations team to start posting md5sums along with the images.

Let us know if that fixes it.

Sorry for the delay, but I was able to successfully spin up a working VX instance using the new, correct image. SSH is working and all that. Thanks again for your help.

Reply